In this paper the author asks what should define the modern work safety regulator and seeks to articulate an evidence-grounded regulatory framework as the response. The framework’s primary application is to advanced-economy major-hazard regulation; application to low-hazard sectors and to developing-economy regulation is acknowledged to require modified application the paper does not attempt. In considering WHS regulatory design, the contemporary regulator in this scope operates with accumulated layers of inherited assumptions from the Factory, Shops and Industry Acts tradition through the Robens paradigm, the Hampton and Löfstedt risk-based-proportionality thinking, the Boland and Brady Australian reviews, and the contemporary inspector-practice shift documented in the Scandinavian empirical literature. The contemporary harm pattern is broader than the regulator’s historically operative purpose framing captures, and the contemporary information architecture is structurally biased in ways the regulator is positioned not to see.

The framework comprises five components, specifically purpose, function portfolio, layered causation model, structural conditions, and wider prevention ecosystem and is illustrated through four major-accident cases (the Esso Longford gas plant explosion 1998, the BP Texas City refinery explosion 2005, the Brumadinho tailings dam collapse 2019, and the Grosvenor coal mine explosion 2020). The paper’s evidentiary basis is largely doctrinal (the international-instruments comparative analysis in Section 4.1), theoretical (the safety-science paradigm survey in Section 3 and the structural-conditions theory in Section 4.4), and illustrative (the four case studies in Section 6); the cases were chosen with knowledge of the framework’s analytical structure and illustrate rather than test the framework predictively, with predictive testing identified as further research.

The paper is a Hopkins-anchored normative reconstruction. Hopkins’s corpus, notably the 1994 LTI critique, the occupational-vs-process safety distinction, and the production-pressure framing supplies the framework’s principal interpretive lens, supplemented by engagement with the regulatory-studies tradition (Gunningham, Sparrow, Baldwin, Parker, Yeung), the public-administration literature on agency autonomy and capture (Carpenter; Carpenter and Moss; the principal-agent literature), the public-choice critique (Stigler, Posner, Buchanan and Tullock), and the OECD-aligned governance-of-regulators framework.

Two synthesising contributions are offered by the author. The first is the doctrinal grounding of an expanded statutory-purpose clause in ILO Convention 155 Article 3(e) (the expansive definition of health) and the US Occupational Safety and Health Act 1970 sections 2(b)(5) and (6) (the explicit recognition of psychological factors and latent disease) consolidating in statute the expanded scope the operative regulatory regime has been progressively addressing through subordinate instruments. The second is the identification and operationalisation of information sovereignty as a fifth constitutive structural condition supplementing the OECD-aligned four conditions; the paper specifies measurement indicators, assessment criteria, and failure modes parallel to the OECD operationalisations of independence, technical competence, adequate resourcing, and legitimacy with accountability. The implication for advanced-economy major-hazard regulator design is that explicit attention to all five components with information sovereignty produces a more defensible design than leaving the structural-conditions component at the four conditions the OECD-aligned literature currently names.

Highlights

• Articulates a five-component framework for advanced-economy major-hazard regulator design
• Grounds expanded statutory purpose in ILO Convention 155 and US OSH Act 1970
• Operationalises information sovereignty as a fifth structural condition
• Prescribes multi-source triangulation across data streams
• Illustrates the framework through four major-accident cases

1. Introduction

1.1 Opening: a near-fatal incident in an active period of regulatory reform

On 6 May 2020, an explosion at the Grosvenor underground coal mine in central Queensland severely burned five mineworkers. The miners survived, the incident was a near-fatal event with manifestly catastrophic potential. The Queensland Coal Mining Board of Inquiry, chaired by retired District Court Judge Terry Martin SC, was established within sixteen days and investigated the explosion alongside forty high-potential methane-exceedance incidents at Queensland underground coal mines in the immediately preceding ten months. The Inquiry’s findings were direct – mining operations at Grosvenor “were repeatedly conducted in a manner whereby the gas emissions being generated by the rate of production were in excess of the capacity of the mine’s gas drainage system”, and “coal mine workers were repeatedly subject to an unacceptable level of risk through the operations being conducted in this manner” (Martin 2021). The Inquiry’s thematic findings extend beyond Grosvenor to the competing priorities of coal production rates and worker safety, the impact of production and safety bonuses, and the safety implications of labour-hire use across the Queensland underground coal mining sector.

The timing of the findings warrants attention. Sixteen months before the explosion, the Brady Review of Queensland Mine Fatalities had reported, identifying a fatality-cycle pattern and making eleven recommendations including four directed at the regulator (Brady 2019). The Queensland regulator had reportedly accepted the recommendations and entered an active implementation period including adoption of the High Potential Incident Frequency Rate as a measure of reporting culture, inspector competency requirements, and strengthened compliance enforcement. The Grosvenor explosion occurred during this implementation period, before the data architecture and competency frameworks had been operationalised, and at a mine where production-pressure operational practices, the Inquiry would subsequently characterise as repeated and unacceptable, were ongoing.

This pattern mattered. It is one thing for a regulator to be told what to do; it is another to have operationalised the data systems, inspector capabilities, and enforcement architecture that the instruction requires. The fifteen-month gap between Brady’s release and the Grosvenor explosion is short by regulatory-implementation standards; the implementation lag was not pathological but characteristic of how slowly reform moves through government institutional systems. The lag was also consequential: five mineworkers were severely burned during the period when the regulator had been told what was wrong and had accepted the recommendations but had not yet built the apparatus those recommendations specified. This is not a fault narrative but a structural observation. The Grosvenor case raises a question the post-Brady Queensland regulator and the broader regulatory-scholarship community should engage. What should the work safety regulator be designed to do, what should it be designed to be, and what should it be designed to know? such that the implementation lag is shorter, precursor patterns are more visible, and the gap between accepted recommendations and operationalised practice is smaller? The case bears on each of the framework’s structural-conditions components, independence, technical competence, adequate resourcing, legitimacy and accountability, and information sovereignty. It is engaged substantively in Section 6.4 as the framework’s most direct test of the novel information-sovereignty condition.

1.2 The central question

What should define the work safety regulator? The question admits of multiple defensible answers. The principal traditions in the literature include responsive regulation (Ayres and Braithwaite 1992), which calibrates intervention to the operator’s compliance disposition; risk-based proportionality (Hampton 2005; Löfstedt 2011), which concentrates resources on the highest-risk businesses; the safety-case tradition (Cullen 1990), which requires operators to demonstrate ALARP control and the regulator to assess the demonstration; the OECD-aligned governance tradition (Maggetti 2010; Organisation for Economic Co-operation and Development 2014, 2017, 2022), which articulates four structural conditions, independence, technical competence, adequate resourcing, and legitimacy with accountability; and the critical-criminological tradition (Tombs and Whyte 2010, 2013), which engages the regulator’s resistance to structural degradation under fiscal and political-economic constraint. Each supplies a partial answer; each is supported by some empirical evidence and contested by other empirical evidence.

Other traditions warrant attention but are not engaged at the depth this introduction allows. The public-choice tradition (Stigler 1971; Posner 1974; Carpenter and Moss 2014) is engaged in Section 5.6 as the radical-deregulationist counter-position and identified in Section 7.4 as a substantive further-research direction. The regulatory-conversation tradition (Black 1997, 2002) and the new institutional economics tradition (Williamson; North) bear on the framework’s positioning without being engaged at depth here.

The traditions are not in zero-sum opposition. The responsive, risk-based, safety-case, OECD-aligned, and critical-criminologically aware regulator describe overlapping aspects of what an effective regulator must do, be, and resist. But the existing literature has not articulated a synthesised framework that brings the traditions together with explicit attention to the components each emphasises and the components the others do not. The present paper offers such a synthesis.

The paper’s primary application is primarily to advanced-economy major-hazard regulation. Application to low-hazard sectors (offices, retail, education, hospitality) and to developing-economy regulation is acknowledged to require modified application the paper does not attempt. The case-study record, the empirical evidence base, and the framework’s structural-conditions component are most developed at this scope, and the framework is offered for this scope rather than for the regulator generally.

The paper’s central claim is that contemporary regulator design in this scope is structurally inadequate without explicit attention to five components: purpose, function portfolio, layered causation model, structural conditions, and wider prevention ecosystem. Section 4 articulates the framework, Section 5 supplies the empirical evidence base, and Section 6 illustrates the components through four major-accident cases. The two principal contributions are synthesising rather than originally analytical: the doctrinal grounding of an expanded statutory-purpose clause in international instruments (ILO Convention 155 Article 3(e); United States Occupational Safety and Health Act 1970 sections 2(b)(5) and (6)), and the identification and operationalisation of information sovereignty as a fifth constitutive structural condition supplementing the OECD-aligned four conditions.

The paper is a Hopkins-anchored normative reconstruction. Hopkins’s corpus supplies the principal interpretive lens on three specific analytical claims specifically the 1994 LTI critique, the occupational-vs-process safety distinction, and the production-pressure / structure-creates-culture framing. Hopkins’s voice is engaged alongside the regulatory-studies tradition (Gunningham; Sparrow; Baldwin, Cave and Lodge; Parker; Yeung), the public-administration literature on agency autonomy and capture (Carpenter; Carpenter and Moss; the principal-agent literature including Moe, McCubbins and Lupia; the network-governance literature including Klijn, Rhodes, and Provan and Kenis), the public-choice critique (Stigler; Posner; Buchanan and Tullock), and the OECD-aligned governance-of-regulators framework (Maggetti; Organisation for Economic Co-operation and Development 2014, 2017, 2022). The Hopkins anchoring is acknowledged from the outset rather than absorbed silently; Section 7.2 engages the reliance pattern in detail.

1.3 The contemporary regulatory context

The contemporary work safety regulator operates within a sequence of inherited assumptions. The Factory, Shops and Industries Acts tradition descending from the 1833 UK Factories Act established the basic structure: a statutory inspectorate, prescriptive standards, powers of entry, improvement, and prosecution. The Robens Report (Committee on Safety and Health at Work 1972) and the UK Health and Safety at Work etc. Act 1974 shifted the operative paradigm to goal-setting law supporting duty-holder self-regulation. Hampton (2005) consolidated risk-based, proportionate, advice-led regulation as the dominant procedural framework; Löfstedt (2011) extended Hampton with further simplification recommendations. The Australian harmonisation review (Boland 2018) modernised the model WHS architecture without fundamentally challenging its Robens-era foundations. The Brady Review (2019) is the most recent significant Australian review and the most critical of the operative model and its fatality-cycle finding documents a sustained regulator failure mode within the post-Robens paradigm rather than as departure from it. The contemporary inspector-practice shift (Palmqvist, Kjaergaard and Ajslev 2026; Rudolf, Kjaergaard and Ajslev 2025; Garshol, Emberland and Johannessen 2025; Stahl, Lundqvist and Reineholm 2025) documents an evolving inspector identity from coercive enforcer toward alliance-builder in dialogue with the duty-holder. The narrative trajectory traced here is principally Anglo-Australasian; Section 2.3 engages the parallel Nordic, EU, ILO, and US frameworks that supplement this trajectory in the framework’s evidence base.

The contemporary regulator therefore operates with several layers of inherited assumptions simultaneously. The layers are typically not always made explicit in regulator practice, and the implicit operation of accumulated layers produces regulator practice whose stated paradigm and operational paradigm sometimes diverge.

The harm pattern the regulator is constituted to address has also evolved. The Factory Shops and Industry Acts addressed the acute physical harm patterns of 19th- and 20th-century industrial production. Robens expanded the regulator’s reach across all workplaces while retaining the employer-employee dyad in a fixed workplace. The contemporary harm pattern is broader. Psychosocial harm now has its own subordinate-instrument regime across multiple jurisdictions, including the Victorian Occupational Health and Safety (Psychological Health) Regulations 2025, the New South Wales WHS Amendment Regulation 2022, and the EU Framework Directive’s incorporation of ILO Convention 155 Article 3(e) by reference. Gig and platform work has produced multi-party contracting structures the original Robens dyad does not anticipate (Lingard and Pirzadeh 2025; European Agency for Safety and Health at Work 2024). Climate-driven occupational exposure such as extreme heat, bushfire smoke, sea-level rise consequences for coastal work is likely a new harm category. Long-latency occupational disease and supply-chain-mediated harm extend the harm pattern beyond the immediate employer-employee duty relationship.

The empirical evidence on regulator effectiveness has also developed in ways the existing regulatory architecture has not fully integrated. The Levine, Toffel and Johnson (2012) natural-experiment evidence on Cal/OSHA random-allocation inspections found substantive injury reduction with no detectable business-performance impact, the strongest single piece of contemporary evidence that inspection works. Johnson, Levine and Toffel (2023) extended the analysis to find that targeting matters more than inspection volume. Garshol, Emberland and Johannessen (2025) provide a Scandinavian-system replication via Norwegian Labour Inspection quasi-experimental evidence. The same period has produced an equally substantial critical-criminological evidence base documenting regulator degradation: Tombs and Whyte (2010, 2013) document UK HSE enforcement decline (major-injury investigations down 49 per cent between 1999/2000 and 2009/10; local-authority inspections down 86 per cent between 2009/10 and 2012/13) and that HSE fatal-injury data understates work-related deaths by a factor of five to six because the headline data excludes occupational disease. The critical-criminological evidence is consistent with Hopkins’s (1994) Australian-anchored LTIFR critique, which pre-dates the Tombs and Whyte work.

The two evidence bases are in apparent tension: regulator action measurably reduces injuries when it occurs and is adequately resourced, competent, and targeted; regulator capability has substantially eroded over precisely the period the inspection-effectiveness evidence covers. Both findings are held by the literature on careful reading. The paper engages the tension explicitly in Section 5 and resolves it structurally through the framework’s information sovereignty condition, which prescribes multi-source triangulation across available information streams and treats the regulator’s capacity to maintain that triangulation as a constitutive structural condition rather than a contextual variable.

1.4 The framework’s response

Section 4 articulates a proposed framework with five structural components.

Purpose defines what work-related harm the regulator is constituted to address. On the analysis offered here, the regulator’s statutory purpose clause should be expanded to cover work-related harm in all its contemporary forms such as physical and psychological, acute and chronic, direct and indirect, within and beyond the conventional employer-employee relationship. The proposed expansion is grounded doctrinally in ILO Convention 155 Article 3(e) (the expansive definition of health) and the United States Occupational Safety and Health Act 1970 sections 2(b)(5) and (6) (the explicit recognition of psychological factors and latent disease), and is positioned as consolidating in statute the expanded scope the operative regulatory regime has been progressively addressing through subordinate instruments.

Function portfolio defines what the regulator is constituted to do. The proposal is that the contemporary regulator’s function is best understood as a portfolio of eight distinguishable activities: standards-setting and rule-making; authorisation, licensing and approvals; information, education and advice; compliance monitoring through inspection and audit; investigation following incidents; enforcement through notices, prosecutions and enforceable undertakings; learning and policy revision; and data architecture. The eighth, being data architecture is the framework’s addition to the standard regulatory-theory portfolio (Ayres and Braithwaite 1992; Sparrow 2000), warranted by the structural-conditions argument.

Layered causation model defines the conceptual lens through which the regulator interprets the workplace. On this view, the contemporary regulator should hold the chain of accident-causation paradigms Heinrich linear-behavioural, Reason organisational-accident, Rasmussen sociotechnical drift, Hollnagel Safety-II, and their major extensions, simultaneously, with the paradigm chosen for any given operational decision being the one most consequentially appropriate to the risk class of the situation. The most consequential operational implication is the occupational-vs-process safety distinction articulated by Hopkins (1994, 2008, 2012): a regulator that uses occupational-injury metrics as its primary measure of safety performance is structurally blind to catastrophic-risk failures because the metric registers what is frequent rather than what is consequential.

Structural conditions defines what the regulator must be, internally, to perform its function competently. Five conditions are articulated: independence, technical competence, adequate resourcing, legitimacy and accountability, and information sovereignty. The first four are well-established in the OECD-aligned governance-of-regulators literature; the fifth is the framework’s principal original contribution. Information sovereignty is the regulator’s capacity to control, verify, and critically interrogate the multiple information streams on which its direction-setting depends. It is supported by convergent empirical evidence on compensation-data under-reporting (Boden and Ozonoff 2008; Rosenman et al. 2006; Wuellner, Adams and Bonauto 2016; Bureau of Labor Statistics 2014), regulatory-enforcement degradation (Tombs and Whyte 2010, 2013), the LTI-rate critique (Hopkins 1994), audit-as-ceremony evidence (Hutchinson, Dekker and Rae 2024), and experience-rating gaming evidence (Ontario Workplace Safety and Insurance Board literature). The framework’s prescription is multi-source triangulation across self-reporting, worker reports, public complaints, compensation data, coronial findings, hospital admissions, social surveys, and academic-research findings.

Wider prevention ecosystem defines the regulator’s relationship to the other mechanisms contributing to the prevention of work-related harm. On this account, the contemporary regulator is one mechanism within a wider ecosystem that includes the coronial system, royal commissions and boards of inquiry (engaged with the inquiry-contingency caveat that even comprehensive inquiry outputs may be contested in subsequent literature, Pike River 2010 supplies the illustrative example), workers’ compensation insurers, and industry standards-setting bodies. The framework’s claim is not that the regulator’s authority is displaced but that a mature regulator design builds explicit interfaces rather than treating the regulator as the exclusive locus of work safety oversight.

The two principal contributions are synthesising rather than originally analytical. The doctrinal foundation in international instruments has been available since 1981 (ILO Convention 155) and 1970 (the US OSH Act); the empirical evidence on data-architecture problems has been accumulating across multiple jurisdictions and analytical traditions for decades. The contribution is the synthesising move of bringing these foundations and this evidence into explicit conversation with the contemporary harm pattern and with the regulator’s design as a system.

1.5 Method and evidence base

The paper’s evidentiary basis is doctrinal, theoretical, and illustrative, not predictive.

The doctrinal analysis in Section 4.1 compares the five most influential statutory and treaty instruments, the Australian model Work Health and Safety Act 2011 section 3, the UK Health and Safety at Work etc. Act 1974 section 1, the US Occupational Safety and Health Act 1970 section 2, the European Council Directive 89/391/EEC Article 1, and International Labour Organization Convention 155 (1981) Articles 3 and 4 and identifies the doctrinal absences against which the framework’s proposed purpose-clause expansion is directed. The theoretical-paradigm survey in Section 3 maps the chain of accident-causation paradigms against their implied regulator roles, covering twelve paradigms from Heinrich (1931) through Le Coze (2023, 2024, 2026) and engaging the behavioural-safety defender position substantively. The empirical evidence in Section 5 engages four classes, inspection effectiveness, intervention design, recommendation uptake, and data quality and structural bias, and engages the responsible-deregulationist counter-position and the public-choice critique (Stigler, Posner, Buchanan and Tullock, Carpenter and Moss) substantively. Section 6 illustrates the framework through four major-accident cases: Esso Longford (1998), BP Texas City (2005), Brumadinho (2019), and Grosvenor (2020). The cases were chosen with knowledge of the framework’s analytical structure; they illustrate the analytical patterns the framework identifies rather than testing the framework predictively. Predictive testing against unseen cases (Pike River, Grenfell Tower, Lac-Mégantic, Hazelwood mine fire, Upper Big Branch) is identified as further research. Each illustrative case is engaged through a non-Hopkins primary source, the Dawson Royal Commission Report (1999) for Longford, the US Chemical Safety and Hazard Investigation Board Final Investigation Report (2007) for Texas City, the official ICMM position on the Global Industry Standard on Tailings Management (2020) for Brumadinho, and the Martin Board of Inquiry Final Report (2021) for Grosvenor with Hopkins’s analytical contributions engaged as extensions of those primary sources rather than as the primary source themselves.

As previously stated, the paper’s analytical voice is Hopkins-anchored, supplemented by substantive engagement with the regulatory-studies tradition (Gunningham, especially Smart Regulation (Gunningham, Grabosky and Sinclair 1998) and Regulating Workplace Safety (Gunningham and Johnstone 1999); Sparrow’s The Regulatory Craft (2000) at the level of its actual taxonomy of regulator function; Baldwin, Cave and Lodge Understanding Regulation (latest edition); Parker on responsive-regulation extensions; Yeung on capture and design); the public-administration literature on agency autonomy and capture (Carpenter on bureaucratic autonomy; Carpenter and Moss (2014) on capture prevention; the principal-agent literature including Moe, McCubbins and Lupia; the network-governance literature including Klijn, Rhodes, and Provan and Kenis); the public-choice critique (Stigler 1971; Posner 1974; Buchanan and Tullock 1962; Carpenter and Moss 2014); and the OECD-aligned governance-of-regulators framework (Maggetti 2010; OECD 2014, 2017, 2022). The Hopkins anchoring is engaged explicitly in Section 7.2.

The evidence base is dominated by the Anglo-Australian-Scandinavian regulatory tradition. Transferability to non-Anglo-Australian-Scandinavian regulatory traditions is acknowledged as a limitation in Section 5.7 (at the empirical-evidence level) and Section 7.3 (at the paper level), and is identified as further research in Section 7.4.

1.6 Structure of the paper

The paper proceeds in seven sections. Section 2 traces the evolution of work safety regulator function from the pre-Robens prescriptive tradition through the contemporary inspector-practice shift. Section 3 surveys the theoretical paradigms in the safety-science literature and maps each to its implied regulator role. Section 4 articulates the framework its purpose, function portfolio, layered causation model, structural conditions, wider prevention ecosystem with a doctrinal sub-section on the expanded purpose clause, a substantive operationalisation of the layered causation model (risk classes, decision rule, paradigm-conflict resolution, institutional competence), and a substantive operationalisation of information sovereignty (measurement indicators, assessment criteria, failure modes parallel to the OECD-aligned operationalisations of independence, technical competence, adequate resourcing, and legitimacy with accountability). Section 5 engages the empirical evidence in four classes, states the aggregate analytical position, and engages the responsible-deregulationist counter-position and the public-choice critique substantively. Section 6 illustrates the framework through four major-accident cases. Section 7 restates the framework against the assembled evidence base, engages the cross-section Hopkins-reliance pattern, acknowledges the paper’s limitations, identifies seven further-research directions, and states the paper’s synthesising contributions.

The paper engages the question of what should define the work safety regulator and offers an evidence-based framework as the form of the response. The framework is a Hopkins-anchored normative reconstruction, its principal interpretive lens is supplied by Hopkins’s corpus, supplemented by substantive engagement with the regulatory-studies tradition, the public-administration literature on agency autonomy and capture, the public-choice critique, and the OECD-aligned governance-of-regulators framework. The framework is not the final word; it is offered as a more coherent articulation of the regulator’s design for the advanced-economy major-hazard scope than the implicit accumulation of historical layers Section 2 documents and the unresolved paradigm conflicts Section 3 surfaces. The Grosvenor case with which this introduction opens is engaged substantively in Section 6.4 as an illustration rather than as a predictive test. The implementation-lag pattern the case raises such as the gap between accepted recommendations and operationalised practice bears on each of the framework’s structural-conditions components: gaps in resourcing capacity to operationalise accepted recommendations, in inspector competence to engage new data-architecture requirements, in the data architecture itself (information sovereignty proper), and in the legitimacy and accountability framework that would have made the implementation lag visible to external scrutiny. The framework’s information-sovereignty contribution is the component the case bears on most directly because it is the framework’s novel addition to the existing four-condition OECD-aligned literature, and because the regulator’s data architecture is the specific gap the Brady recommendations had been told to address but had not yet operationalised at the time of the Grosvenor explosion. The framework’s broader claim, for the advanced-economy major-hazard scope, is that explicit attention to all five components, with information sovereignty named and operationalised alongside the OECD-aligned four conditions, produces a more defensible design against the failure patterns the four illustrative cases document.

2. The evolution of work safety regulator function

The contemporary work safety regulator is the inheritor of a sequence of paradigm shifts, each prompted by disaster and each leaving institutional residue. The regulator operating in Australia, the United Kingdom, or any harmonised work health and safety jurisdiction today carries the accumulated assumptions of the Factory Acts tradition, the Robens-1972 framework, the Hampton-2005 risk-based proportionality model, the Löfstedt-2011 consolidation, the Boland-2018 Australian harmonisation review, the Brady-2019 Queensland fatality-cycle critique, and the contemporary inspector-identity shift documented in the recent Scandinavian and Australian empirical literature. These layers do not always sit comfortably together, and the framework articulated in Section 4 cannot be defended without first making them explicit.

2.1 The pre-Robens regulator

The pre-Robens regulator inspected against prescriptive rules and prosecuted for non-compliance. The Factory Acts tradition descending from the 1833 UK Factories Act and its 19th- and early-20th-century successors established the regulator’s basic structure: a statutory inspectorate, prescriptive standards covering specific industrial processes, a power of entry, a power to require improvements, and a power to prosecute for breach. The model was operationally robust within the manufacturing-industrial harm pattern it was designed for, but its limits were visible by the mid-20th century: the proliferation of prescriptive rules created administrative complexity inspectors could not efficiently enforce; the rules covered established industries but lagged emerging technologies; and the regulator-industry relationship was characteristically adversarial, with limited capacity for the cooperative compliance models that would later become central to the responsive-regulation tradition (Ayres and Braithwaite 1992).

The pre-Robens regulator’s operative information architecture was substantially the inspector’s work. Hawkins’s research on UK HSE inspector decision-making in the 1970s and 1980s established that the inspector’s discretion to create or not create cases from observed events is itself a constitutive regulator-design choice (Hawkins 1984, 2002). The inspector who arrived at a site, observed conditions, identified breaches, and decided which events became formal cases and which were absorbed into the routine flow was performing an information-architecture activity that the framework’s Section 4.4 information-sovereignty argument engages directly. This case-creation function has historically been the regulator’s primary information-architecture activity, with both strengths (the inspector’s local knowledge produced operationally meaningful cases) and limits (discretion was uneven across inspectors and institutional cultures). By the late 1960s in the UK, the cumulative case for legislative reform was substantial enough that the government commissioned the inquiry that would produce the Robens Report.

2.2 The Robens paradigm shift – 1972

The Committee on Safety and Health at Work, chaired by Lord Robens and reporting in 1972, articulated the paradigm that has dominated Anglo-Australasian OHS regulation ever since. The Robens Report argued that prescriptive law had reached the point of diminishing returns; that workplace accidents were primarily caused by employer and worker apathyrather than inadequate legislative coverage; and that the regulator’s central task should be to support self-regulation by duty-holders operating under goal-setting law (Committee on Safety and Health at Work 1972). The UK Health and Safety at Work etc. Act 1974 enacted the Robens model, replacing a fragmented body of prescriptive industrial legislation with a single goal-setting framework. The model flowed through to Australian and New Zealand legislation in the decades that followed, culminating in the Australian harmonised model WHS Act 2011, whose section 3 object clause (analysed doctrinally in Section 4.1) is the contemporary operative statement of the Robens-descended approach.

The contemporary historiography is critical of the Robens diagnosis. Almond and Esbester (2016) argue that the apathyexplanation was politically constructed rather than empirically demonstrated, and that the Robens framing of regulatory burden as the primary problem reflected the late-1960s and early-1970s political mood more than the evidence warranted. The critical historiography does not displace the Robens model’s practical influence, but it has consequential implications. If the apathy diagnosis was politically constructed, the operative purpose clause descending from Robens is operating on contested foundations, and the framework articulated in Section 4 cannot defend its recommendations on Robens-foundational grounds alone. The framework’s response is twofold: it takes the Robens model seriously as the operative regulatory architecture the contemporary regulator must build on, because no alternative is presently available in the Anglo-Australasian jurisdictions; but it treats the Robens apathy diagnosis as one historiographical reading rather than as settled empirical foundation. The framework’s case for explicit five-component regulator design rests on contemporary empirical evidence engaged in Sections 5 and 6, not on Robens-foundational grounds.

2.3 The post-Robens consolidation – The international context

The Robens model has been supplemented but not replaced. Two consolidating moves and one critical review warrant attention.

The Hampton Review (2005) consolidated risk-based, proportionate, advice-led regulation as the dominant procedural framework in the UK and, through UK regulatory influence on the harmonised WHS jurisdictions, in Australia. The Hampton principles, that regulatory burden on compliant businesses should be reduced, that enforcement resources should be concentrated on the highest-risk businesses, that the regulator’s primary mode should be advice and engagement rather than coercion, became the operative procedural template for the next decade. The Löfstedt Review (2011) extended Hampton with recommendations for further consolidation and simplification. The Australian harmonisation review by Boland (2018) consolidated and modernised the model WHS architecture without fundamentally challenging its Robens-era foundations; the Boland recommendations on industrial manslaughter, the gross-negligence Category 1 offence, and the consolidation of penalty levels reshaped the model WHS Act’s enforcement architecture without departing from the operative paradigm.

The Brady Review of Queensland mine fatalities (2019) sits separately. Unlike Hampton, Löfstedt and Boland, the Brady Review is critical of the operative model rather than consolidating it. The Brady fatality-cycle finding, that the Queensland mining sector exhibits periods of frequent fatalities followed by periods of few or none, with the cycle uncorrelated with substantive safety improvement, documents a sustained regulator failure mode within the operative paradigm. The Brady recommendations directed at the regulator (including adoption of the High Potential Incident Frequency Rate as a measure of reporting culture, competency requirements for inspectors, and strengthened compliance enforcement) substantially extend the operative regulator’s information architecture; they are reform recommendations against the operative model rather than consolidating recommendations within it. The framework’s Section 4.4 information-sovereignty argument extends the Brady analytical contribution.

The Robens-Hampton-Löfstedt-Boland arc plus the Brady critique is the operative Anglo-Australasian trajectory and the trajectory the present paper draws on most substantively. It is not the only relevant trajectory. The Nordic internal-control tradition (developing from the Norwegian Internal Control Regulation 1992 and the parallel Swedish, Danish, and Finnish frameworks) supplies a structurally different approach to regulator-operator relations, with stronger tripartism, more developed worker-representation infrastructure, and the dialogue-based inspection mode now visible in the contemporary literature engaged in Section 2.5. The EU Framework Directive 89/391/EEC (1989) supplies the prevention-principles architecture (Article 6) now embedded across European member-state OHS regulation. The ILO Convention 155 (1981) supplies the international-instrument foundation with its expansive definition of health (Article 3(e)) that the framework engages doctrinally in Section 4.1. The US OSHA framework (1970) operates on a Congressional-purpose foundation that explicitly recognises psychological factors and latent diseases (section 2(b)(5)–(6)). These parallel trajectories developed largely independently of the Robens-Hampton arc and supply much of the comparative material the framework draws on.

2.4 The empirical effectiveness record and the critical-degradation evidence

The post-Robens period has produced empirical evidence on regulator effectiveness substantial enough to require careful engagement. The empirical case is anchored on the Levine, Toffel and Johnson (2012) natural-experiment evidence on Cal/OSHA random-allocation inspections, examined in detail in Section 5.1. The headline finding, substantive injury reduction with no detectable business-performance impact, is the strongest single piece of contemporary evidence that inspection works. Johnson, Levine and Toffel (2023) extended the analysis with the machine-learning counterfactual finding that targeting matters more than inspection volume. Garshol, Emberland and Johannessen (2025) provide a Scandinavian-system replication in a specific sector via Norwegian Labour Inspection quasi-experimental evidence.

The same period has produced an equally substantial critical-criminological evidence base documenting regulator degradation. Tombs and Whyte (2010, 2013) document UK Health and Safety Executive enforcement decline between 1999/2000 and 2009/10: major-injury investigations fell 49 per cent; enforcement notices fell 29 per cent; prosecutions almost halved; local-authority inspections fell 86 per cent between 2009/10 and 2012/13. Tombs and Whyte (2013) further document that HSE fatal-injury data understates work-related deaths by a factor of five to six because the headline data excludes occupational disease, a structural feature of the regulator’s data architecture, not an incidental measurement error. The Tombs and Whyte contribution is not only statistical but analytical: their account treats the regulator-degradation pattern as structurally produced by a specific political-economic context, the neoliberal economic strategy of the late 20th and early 21st centuries, fiscal-austerity pressure, the Hampton and Löfstedt risk-based-proportionality framing being operationalised under reduced resourcing rather than on the procedural terms its proponents intended. The pattern was not random or contingent but produced by specific institutional and political-economic conditions. The framework engages this analytical framework directly in Section 5.6 (the deregulationist counter-position) and in Section 4.4 (the information-sovereignty condition).

The Tombs and Whyte evidence is consistent with Hopkins’s (1994) Australian-anchored critique of LTIFR as regulator direction-setting input, which pre-dates the Tombs and Whyte work and supplies the foundational analytical basis for the framework’s information sovereignty argument. The two evidence bases, empirical effectiveness and critical degradation, are in apparent tension: regulator action measurably reduces injuries when it occurs; regulator capability has substantially eroded over precisely the period the inspection-effectiveness evidence covers. Both findings are true on the available evidence. Section 5 resolves the tension structurally through the framework’s multi-source triangulation prescription: the Levine evidence is measured against compensation-claims data within a specific window of regulatory capability, and the Tombs and Whyte degradation evidence documents the erosion of that capability after the window. The framework’s structural-conditions component (Section 4.4) treats adequate resourcing and information sovereignty as constitutive design requirements rather than as contextual variables.

2.5 The contemporary inspector-practice shift

The most recent layer in the historical accumulation is the contemporary inspector-practice shift documented in the Scandinavian and broader European empirical literature. The evidence is concentrated in the Scandinavian regulatory tradition, with secondary evidence from Australia and broader European jurisdictions; its transferability to common-law adversarial regulatory cultures is an open empirical question the framework engages but does not resolve. Palmqvist, Kjaergaard and Ajslev (2026), Rudolf, Kjaergaard and Ajslev (2025), Garshol, Emberland and Johannessen (2025), and Stahl, Lundqvist and Reineholm (2025) document an evolving inspector identity that the responsive-regulation tradition (Ayres and Braithwaite 1992) anticipated but that operational practice has been slow to operationalise. The shift is from a coercive enforcer identity (the inspector who arrives, finds breach, issues notice or initiates prosecution) toward an alliance-builder identity (the inspector who arrives, engages the duty-holder in dialogue about underlying conditions, and uses formal enforcement as one tool within a wider engagement repertoire). The shift is contingent on inspector competence, on regulator capability to support the dialogue-based mode, and on the broader regulatory context. The framework treats the shift as one piece of the historical accumulation rather than as a settled global pattern, and acknowledges in Section 4.4 that the legitimacy and accountability structural condition is now being operationalised at front-line inspector practice but that the transferability of the dialogue-based inspection model to common-law adversarial regulatory cultures remains an open empirical question. Knobel and Naweed’s (2023) Australian-jurisdictional study of twenty-two WHS regulatory inspectors identifies a specific structural constraint on the alliance-builder shift: the deontological orientation that legislation imposes on inspectors, the compliance-as-ethically-good framing the prosecutor-mindset literature (Stemn et al. 2019) names, operates as a standing pull back toward the coercive-enforcer identity even where the Scandinavian dialogue-based model is the stated regulator policy. The framework treats this finding as identifying the mechanism through which the historical Robens-era enforcement-led paradigm continues to operate within institutional structures that have ostensibly evolved beyond it, and engages the analytical implications at Section 4.3 (reflexive competence) and Section 4.1 (legislative-framework critique).

2.6 What the evolution means for the framework

The historical accumulation produces a regulator operating with several layers of inherited assumptions simultaneously. The Factory Acts tradition is preserved in residual prescriptive provisions for specific high-hazard industries and in the inspector’s case-creation function (Hawkins 1984, 2002). The Robens paradigm is the operative goal-setting framework. The Hampton-Löfstedt consolidations are the procedural framework within which the goal-setting operates. The Boland consolidation and the Brady critique are the most recent operative reference points in the Australian context. The contemporary inspector-practice shift is the evolving operational front line. Beyond the Anglo-Australasian trajectory, the Nordic, EU, ILO, and US frameworks supply parallel architectures the framework’s international scope engages.

The framework articulated in Section 4 is offered as a synthesising response to this accumulation, selective rather than uniformly preserving. The Robens goal-setting paradigm is preserved as the operative regulatory architecture, because no alternative is presently available in the Anglo-Australasian jurisdictions and because goal-setting accommodates the layered causation model (Section 4.3) the framework requires. The function portfolio (Section 4.2) extends the Robens-era inspect-and-prosecute model with five additional activities the post-Robens evolution has made necessary. The Heinrich-derived LTI-rate primacy in the regulator’s KPI architecture is explicitly displaced by the layered causation model (Section 4.3) and by the information-sovereignty condition (Section 4.4), which prescribes multi-source triangulation rather than reliance on any single stream. The Hampton-Löfstedt risk-based-proportionality framing is engaged but qualified, the framework’s information-sovereignty argument treats Tombs and Whyte’s consequence-of-framing concern as a real warning about how risk-based proportionality has been operationalised under fiscal pressure (Sections 5.4 and 5.6). The framework’s contention is not that the historical layers should be uniformly unwound or uniformly preserved but that the regulator’s design should be explicit about which layers are operative for which functions. Explicit articulation of the framework’s five components is more likely to produce coherent regulator practice than implicit operation of accumulated layers.

Section 2 traced the institutional history of the work safety regulator’s function. Section 3 turns to the intellectual history of the safety-science paradigms that inform the regulator’s role. The institutional and intellectual histories are related but distinct: the institutional history concerns the regulator’s structural arrangements, while the intellectual history concerns the analytical lenses through which the regulator interprets the workplace. The framework articulated in Section 4 brings both histories together.

3. Theoretical paradigms and implied regulator roles

This paper rests on the analytical move that each major paradigm in the safety-science literature implies a different regulator role, and that the contemporary regulator operates with layers of these paradigms simultaneously. The section presents the chain of paradigms and identifies the regulator role each implies. The mapping is the synthesiser’s analytical reconstruction: Heinrich, Reason, Rasmussen, Hollnagel, and Dekker did not write primarily about regulator function, and the regulator implications drawn here are this paper’s reading of their analytical contributions, a reading consistent with the contemporary literature on the relationship between causation theory and regulatory practice (Hopkins 1994, 2008; Le Coze 2024).

The paradigms are presented in approximately chronological order of foundational publication. The chronological structure should not be read as implying that later paradigms displace earlier ones. The framework’s layered causation model (Section 4.3) treats the paradigms as operative simultaneously in the contemporary regulator’s institutional context. Heinrich’s behavioural account remains operationally influential in contemporary regulator KPI architectures; Reason’s organisational accident model remains the operative paradigm for management-systems audit; Rasmussen’s sociotechnical model is now embedded in safety-case regulatory regimes; Hollnagel’s Safety-II framework is the most contemporary paradigm but not the most authoritative one. This co-presence is taken as the analytical starting point, not as a problem to be solved by selecting a winning paradigm.

3.1 The linear and behavioural origin

Heinrich’s Industrial Accident Prevention, published in 1931 and revised through several editions, established the foundational behavioural account of workplace accident causation in the English-speaking literature. The Heinrich (1931) domino theory characterised accidents as the result of a five-link causal chain (ancestry and social environment, fault of person, unsafe act or condition, accident, injury), with the unsafe act or condition occupying the analytical centre. The Heinrich accident triangle, that for every major injury there are 29 minor injuries and 300 no-injury accidents, established the empirical method by which behavioural intervention was claimed to produce safety improvement: reduce the base of the triangle and the apex would also fall. Heinrich’s further attribution that 88 per cent of accidents are caused by unsafe acts, 10 per cent by unsafe conditions, and 2 per cent are unavoidable established the behavioural causal weighting that has dominated regulator and operator measurement practice for nearly a century.

The Heinrich framework remains operationally influential despite substantial critique. Manuele’s (2002) critical revisitation identifies that the original data files no longer exist, that the 88:10:2 ratios were revised between editions without documentation, and that reducing minor-injury frequency does not necessarily reduce major-injury frequency on modern process-safety evidence. The Texas City refinery explosion (Baker et al. 2007; United States Chemical Safety and Hazard Investigation Board 2007) is the canonical empirical falsification: BP’s low personal-injury rate was being celebrated as evidence of safety performance even as process-safety conditions deteriorated toward the 2005 explosion that killed fifteen workers. Hopkins’s (1994, 2008) Australian-anchored LTIFR critique is the foundational analytical statement of the Heinrich tradition’s limits in major-hazard process-industry contexts.

The behavioural-safety practitioner literature retains substantial defenders. Geller (1998 and subsequent), Krause, McSween, and the broader behaviour-based safety (BBS) tradition have published empirical work claiming significant injury reductions from behaviour-based interventions in specific industrial contexts. The defender position is that the behavioural framework’s empirical claims hold up in specific operational contexts, lower-hazard or repetitive-task environments where the worker’s discrete behaviour is the proximate causal factor of the harm pattern and that behavioural-based safety observation programs, with sufficient operational support and worker engagement, produce measurable injury reduction in those contexts. The critique is therefore of treating the behavioural framework as the onlyparadigm operative for the regulator, not as the wrong paradigm. The layered causation model in Section 4.3 accommodates behavioural intervention as one paradigm within a layered approach rather than as a paradigm to be replaced. The regulator that engages the behavioural paradigm appropriately recognises its operational utility in lower-hazard contexts while not relying on it as the primary direction-setting input for major-hazard process-industry oversight.

The regulator role the Heinrich tradition implies is recognisable: a regulator that inspects for unsafe acts, prosecutes for breaches involving worker behaviour, measures performance by occupational-injury frequency rate, and treats safety improvement as a behavioural-modification problem. This role has dominated OHS regulatory practice across the Anglo-Australasian-American tradition through the post-Robens period and remains operationally influential through compensation-claims data architectures and lost-time injury reporting requirements.

3.2 The organisational and systemic models

Four works between 1978 and 1997 reframed the analytical centre of accident causation from individual behaviour to organisational and systemic features.

Turner’s Man-Made Disasters (1978, revised with Pidgeon in 1997) introduced the concept of the incubation period, the months or years during which an organisation accumulates signals of approaching catastrophic failure that it does not act on because of cultural normalisation, information-handling problems, and reluctance to engage worst-case outcomes (Turner and Pidgeon 1997). Pidgeon and O’Leary (2000) extended the framework to characterise the regulator’s role as that of an external information processor, an entity that can hold the whole picture when no internal organisational actor can. The Turner-Pidgeon model implies a regulator that monitors for incubation-period signals, has access to operator data the operator’s own management may not be integrating, and engages organisational learning as a constitutive regulator function.

Perrow’s Normal Accidents (1984, revised 1999) examined catastrophic accident causation in high-hazard technological systems. Perrow’s analytical move was to characterise certain systems as inherently accident-prone because of their combination of interactive complexity (failures interact in unanticipated ways) and tight coupling (failures propagate through the system before intervention can occur). The model implies a regulator that recognises some industries as structurally more accident-prone than others, engages safety-case demonstration and design-basis review rather than operational compliance audit, and accepts that catastrophic accidents in certain industries are statistically inevitable and must be designed against rather than inspected away.

Reason’s organisational accident model is more sophisticated than the Swiss Cheese metaphor that often substitutes for it. The model, articulated across Human Error (1990), Managing the Risks of Organizational Accidents (1997), and subsequent literature, proceeds from a distinction between active failures (unsafe acts by front-line workers, including errors, lapses, mistakes, and violations) and latent failures (organisational decisions, system designs, management practices, and resource allocations that create the conditions for active failures to produce harm). Reason’s analytical contribution is to identify four levels at which defensive layers can fail: organisational influences, unsafe supervision, preconditions for unsafe acts, and the unsafe acts themselves. The Swiss Cheese metaphor captures the levels-and-alignment structure visually but understates the substance of the framework. The four-level structure permits the regulator to engage upstream of the active failure; the active/latent distinction permits recognition that the proximate cause is rarely the analytical centre. The Reason model implies a regulator that audits management systems (because organisational decisions are causally upstream of unsafe acts), investigates incidents to identify the four-level structure of latent failures, and engages duty-holders in management-system reform across all four levels rather than only in worker-behaviour modification at the unsafe-acts level.

Rasmussen’s Risk Management in a Dynamic Society (1997) is the most ambitious of the four reframings. Rasmussen modelled safety as a sociotechnical control problem in which multiple actors at multiple levels interact within a system whose performance is bounded by a boundary of acceptable risk. The drift concept, operational practice migrates toward the boundary under economic and time pressures, and safety failure occurs when the drift crosses the boundary undetected, is the most-cited feature, but it is one feature of the model rather than its analytical centre. The analytical centre is the multi-level structure of the sociotechnical system itself: government and regulators at the top, operating companies and management below them, system operators below them, and the technical-process operations at the base. Each level operates with its own goals, constraints, and information flows; safety performance depends on the coordination between levels, on each level’s understanding of the others, and on the feedback loops that connect them. The model implies a regulator that operates as one control node within the broader sociotechnical system, monitors for drift through leading-indicator data architectures, and engages the regulator-operator-worker relationship as a multi-level system rather than a regulator-regulated dyad. The framework’s Section 4.4 information-sovereignty argument is in substantial part a Rasmussen-derived argument about the regulator’s information flows within the multi-level structure.

The four organisational and systemic models share a common analytical move: they relocate the centre of accident causation from the individual worker to the organisation and the wider sociotechnical system. The regulator role they jointly imply is one that audits management systems, monitors leading indicators, investigates incidents to identify latent and systemic causes, and engages the wider sociotechnical context rather than treating the operator-regulator relationship as bilateral. The framework’s layered causation model (Section 4.3) treats the organisational and systemic models as operative paradigms the regulator should hold simultaneously with the behavioural paradigm rather than as paradigms that displace it.

3.3 The contemporary paradigms

The contemporary safety-science literature (broadly, the period from 2000 onward) extends the organisational and systemic tradition in several directions.

Hollnagel’s Safety-II framework, articulated across Safety-I and Safety-II (2014), the Functional Resonance Analysis Method (FRAM), and the Efficiency-Thoroughness Trade-Off (ETTO) principle, reframes safety as the question of what makes things go right rather than only what makes things go wrong (Hollnagel 2014). The paradigm proposes that the regulator should study successful adaptive performance under varying conditions, recognise that operational systems function through worker adaptation rather than rule compliance alone, and engage the work-as-done versus work-as-imagined gap as a constitutive feature of operational reality. The Safety-II model implies a regulator that observes operational practice rather than only auditing documented procedure, engages adaptive capacity rather than only rule compliance, and treats variation in operational performance as a normal feature rather than as an anomaly to be eliminated. Safety-II is more contested in the contemporary literature than the framework’s engagement might suggest; defenders argue it captures the adaptive performance that constitutes operational reality, while critics argue it is more aspirational than operational and that the work-as-done framing obscures the regulator’s legitimate interest in rule compliance. Safety-II is treated here as one paradigm within the layered causation model rather than as a settled operational replacement for the Safety-I tradition.

Dekker’s Drift into Failure (2011) extends Rasmussen’s drift model with the proposition that organisational drift toward catastrophic failure is often not detectable through monitoring of individual indicators because the drift is constituted by gradual normalisation of small deviations rather than by visible breach of any single threshold. The framework implies a regulator that monitors trend patterns rather than only individual incidents, engages the organisational meaning-making processes by which deviations come to be normalised, and treats intervention in drift as a different kind of activity from response to acute incident. Dekker’s Just Culture (multiple editions) extends this with the analytical framework for distinguishing acceptable from unacceptable behaviour in the aftermath of incident, a framework with direct implications for the regulator’s investigation and enforcement functions.

Hudson’s safety culture maturity ladder (Hudson 2007) and the Hearts and Minds programme propose a developmental sequence of organisational safety cultures from pathological through reactive, calculative, proactive, to generative. The framework is less directly an accident-causation paradigm and more a developmental account of organisational safety capability; its regulator implications are that the regulator should engage operators at the maturity level they actually occupy rather than at a uniform standard, and that progression up the maturity ladder is a constitutive operator activity the regulator should support and assess. The developmental-sequence framing has been critiqued in the contemporary literature for being too linear; operators in practice exhibit different maturity levels across different dimensions, and a strict linear reading may misread operational complexity. The maturity ladder is treated as a useful diagnostic tool while recognising that operational reality may require lateral rather than linear engagement.

Weick and Sutcliffe’s Managing the Unexpected (2007) draws on high-reliability organisation theory to propose that effective complex-system management requires mindful organising characterised by preoccupation with failure, reluctance to simplify, sensitivity to operations, commitment to resilience, and deference to expertise. The HRO model implies a regulator that engages operators as collaborative partners in the maintenance of mindful organising rather than as adversaries to be inspected, values the capacity to anticipate and contain unexpected events alongside the capacity to comply with rules, and supports the cultural conditions for high reliability rather than only enforcing the procedural ones.

Leveson’s Systems-Theoretic Accident Model and Processes (STAMP), and its associated tools STPA and CAST (Leveson 2012), reframe accident causation as a control-theory problem in which safety is maintained through hierarchical control structures and accidents result from inadequate control rather than from component failure alone. The STAMP framework implies a regulator that engages the control structure of the regulated activity rather than the component-level technical specifications, uses systems-theoretic incident-analysis methods (such as CAST) in its investigation function, and treats regulator-operator interaction as a control-theory relationship in which the regulator’s enforcement actions are themselves part of the system being controlled.

The contemporary paradigms share, across their differences, a common refusal of the behavioural-causation account that Heinrich established. They also share a common implication for regulator practice that is more demanding than the post-Robens framework specifies: the regulator that engages these paradigms must do substantively more than inspect and prosecute. The framework’s function portfolio component (Section 4.2) extends the post-Robens function set in response, and the layered causation model (Section 4.3) treats the contemporary paradigms as operative alongside the earlier paradigms rather than as displacing them.

3.4 The critical sociology of safety

Two further voices warrant attention because they engage the political-economy and organisational-power dimensions the paradigms surveyed above do not directly address.

Vaughan’s The Challenger Launch Decision (1996) is the foundational text on the normalisation of deviance, that catastrophic failure in high-reliability organisations is often the cumulative product of incremental normalisation of small deviations that the organisation came to treat as acceptable over time. The Vaughan framework engages the organisational-cultural conditions under which deviations come to be normalised, identifies the structural features that make normalisation likely (production pressure, schedule constraints, hierarchical decision-making, technical-cultural drift), and implies a regulator role that engages the cultural conditions of operational normalisation rather than only the technical conditions of operational compliance.

Le Coze’s recent work provides the critical European voice on the political economy and bureaucratic-organisational dynamics of safety regulation that the Anglo-American literature surveyed above largely does not engage. Three contributions warrant specific attention. NASA, SpaceX, Safety and (Post) Bureaucracy (Le Coze 2024) engages the relationship between organisational form (bureaucratic, post-bureaucratic, networked) and safety performance: the safety frameworks developed in the bureaucratic-organisational context of the late 20th century (Reason, Rasmussen, the early Hollnagel) may not map cleanly onto the post-bureaucratic operational forms now characteristic of platform companies, agile-organisational structures, and gig-economy operators. The implications for regulator engagement with these post-bureaucratic operators are direct: the regulator’s traditional management-system audit assumes a bureaucratic-organisational structure the operator may not have. Coupling and Complexity at the Global Scale (Le Coze 2023) engages transnational coupling, contemporary operational systems are coupled across national jurisdictions in ways the nation-state regulatory architecture is not configured to address. The Brumadinho case (Section 6.3) is one example. The Untold Story of Behaviour-Based Safety (BBS) (Le Coze 2026) engages the historical-sociological context within which behavioural and organisational paradigms have come to dominate safety practice, providing the political-economic counterpart to the Manuele (2002) empirical critique of Heinrich. The Le Coze voice is the non-Anglo-American critical-sociology voice the framework’s evidence base requires; the framework engages it directly in Section 4.5 (wider prevention ecosystem) and in the deregulationist counter-position discussion in Section 5.6.

3.5 The mapping to regulator function

The paradigms surveyed above each imply a different regulator role. Table 1 sets out the mapping. The mapping is the synthesiser’s analytical reconstruction rather than a finding of the underlying theorists; the table is read with that qualification in view.

Table 1

Accident-causation paradigms and their implied regulator roles

Section 4’s framework, and the layered causation model in Section 4.3 specifically, treats the paradigms summarised in Table 1 as operative simultaneously rather than as paradigms that displace each other historically. The contemporary regulator does not choose between Heinrich, Reason, Rasmussen, Hollnagel, and Dekker; the contemporary regulator operates within an institutional context in which all are present at some level of regulatory practice, and the analytical move is to make the presence explicit so that regulator design can be coherent rather than implicit.

4. A framework for regulator function and purpose

This section articulates the paper’s central contribution. The five-component framework, purpose, function portfolio,layered causation model, structural conditions, and wider prevention ecosystem, proposes that contemporary regulator design is structurally inadequate without explicit attention to all five components. It integrates existing scholarship instead of displacing it; the originality lies in the integration and in two specific additions: the doctrinal grounding of an expanded purpose clause in international instruments, and the identification of information sovereignty as a fifth structural condition constitutive of effective regulation.

Its primary application is to major-hazard regulation in advanced economies, where the evidence base is strongest. Application to low-hazard sectors (offices, retail, education, hospitality, where catastrophic-risk failure is less probable and the Hopkins occupational-vs-process safety distinction is less consequential) and to developing-economy regulation (where structural-condition constraints are more severe) requires modified application the present paper does not attempt. What follows is offered as a normative reconstruction of what the regulator in advanced-economy major-hazard sectors should be.

4.1 Purpose

The first question to put to any regulatory framework is what work-related harm it is constituted to address. Doctrinal comparison of the five most influential statutory and treaty instruments, the Australian model Work Health and Safety Act 2011 section 3, the United Kingdom Health and Safety at Work etc. Act 1974 section 1, the United States Occupational Safety and Health Act 1970 section 2, the European Council Directive 89/391/EEC Article 1, and International Labour Organization Convention 155 (1981) Articles 3 and 4, establishes convergence on a core conception of work-related harm with significant divergence at the margins. This doctrinal foundation, considered against the contemporary harm pattern, requires consolidation rather than the silent extension that has characterised the past two decades of regulatory practice.

The most consequential point of divergence is the breadth of the concept of “health”. Article 3(e) of ILO Convention 155 (International Labour Organization 1981) defines health expansively: “the term health, in relation to work, indicates not merely the absence of disease or infirmity; it also includes the physical and mental elements affecting health which are directly related to safety and hygiene at work”. The EU Framework Directive incorporates this ILO definition by reference (European Council 1989; European Agency for Safety and Health at Work 2025). The United States Occupational Safety and Health Act 1970 section 2(b)(5) and (6) operationalise the broader scope without the expansive ILO formulation, explicitly mentioning “psychological factors” in occupational health research and “latent diseases” and the obligation to establish “causal connections between diseases and work in environmental conditions” (United States Congress 1970). The Australian model WHS Act section 3(1)(a) and the UK Health and Safety at Work Act 1974 section 1(1)(a) use the formula “health, safety and welfare” without expansive definition (Parliament of Queensland 2011; Parliament of the United Kingdom 1974). The term “welfare” has not been doctrinally developed in Australian or UK case law to extend explicitly to mental harm.

The doctrinal position must be carefully stated. The Australian and UK statutory purpose clauses do not explicitly include the expanded health concept that ILO Convention 155 articulates. The operative regulatory regime, the subordinate instruments, codes of practice, and regulator guidance issued under those statutory frameworks, has progressively expanded over the past decade to address psychosocial hazards explicitly. The Victorian Occupational Health and Safety (Psychological Health) Regulations 2025, the New South Wales WHS Amendment Regulation 2022, and equivalent provisions in other Australian jurisdictions now operationalise the psychosocial-hazard regime the statutory purpose clause does not itself articulate. The proposed expansion of the purpose clause set out below is best understood as consolidating in statute what is already happening in subordinate instruments, not as introducing something the operative regime has never addressed. This framing is more honest than “catch-up with international standards” alone, although the catch-up framing remains accurate at the statutory-purpose level.

Three further doctrinal observations follow. The scope of who is protected differs across the five frameworks: the UK formulation is broadest on public-protection grounds, the Australian model follows with “workers and other persons”, the US Act protects working persons without extending doctrinally to third parties, and the ILO Convention defines workers as “all employed persons” (a definition that excludes self-employed platform workers by design, European Agency for Safety and Health at Work 2024). The framing differs in tone, Australian programmatic, UK deontic, US teleological with thirteen enumerated means, EU aspirational, ILO policy-oriented. Every framework qualifies the absolute principle with some version of the reasonably-practicable test, which places the information sovereignty condition developed in Section 4.4 in a particular light: feasibility cannot be assessed without good data, and a regulator that lacks information sovereignty over its data architecture cannot defend a reasonably-practicable judgement.

None of the five purpose clauses explicitly mentions psychosocial hazards, gig and platform work, climate-driven occupational exposures, contemporary long-latency disease patterns, or Indigenous regulatory standpoints. These are the doctrinal absences against which the proposed expansion is directed.

On this analysis, the work safety regulator’s statutory purpose clause should be expanded to cover work-related harm in all its contemporary forms, physical and psychological, acute and chronic, direct and indirect, within and beyond the conventional employer-employee relationship. The proposed clause builds on the ILO Convention 155 Article 3(e) definition of health and on the US OSH Act 1970 section 2(b)(5) and (6) recognition of psychological factors and latent disease, extends them to harm types the existing doctrinal foundation does not yet reach (gig and platform work, climate exposure, supply-chain harm), and consolidates in statute the expanded scope that the operative regulatory regime has been progressively addressing. The recommendation rests on the analytical judgement that explicit statutory recognition is more stable, more defensible against legal challenge, and more consequential for regulator practice than implicit extension through subordinate instruments. The recommendation also rests on empirical support from inside the regulator: Knobel and Naweed’s (2023) study of twenty-two Australian WHS regulatory inspectors finds that “legislative frameworks do not fully reflect the contemporary evidence base” and calls for “research to develop an evidence base that can be considered when developing or amending legislative provisions”, supplying regulator-side empirical underpinning for the purpose-clause-expansion argument the doctrinal analysis advances. The deeper engagement with Knobel and Naweed’s findings on regulatory-context tunnel vision is in Section 4.3.

4.2 Function portfolio

The second question to put to a regulatory framework is what the regulator is constituted to do? The conventional answer, descended from the Robens model (Committee on Safety and Health at Work 1972), characterises the regulator’s function as inspection and enforcement supplemented by advice. This characterisation is descriptively inadequate to contemporary regulator practice. The contemporary regulator’s function is best understood as a portfolio of eight distinguishable activities.

The eight activities are: standards-setting and rule-making; authorisation, licensing, and approvals; information, education, and advice; compliance monitoring through inspection and audit; investigation following incidents; enforcement through notices, prosecutions, and enforceable undertakings; learning and policy revision; and data architecture, the collection, analysis, publication, and critical interrogation of the data on which direction-setting depends. Seven of the eight are well-attested in the regulatory-theory literature (Ayres and Braithwaite 1992; Sparrow 2000; Baldwin, Cave and Lodge 2012). The eighth, data architecture, is the framework’s addition, developed below in Section 4.4 as a structural condition and in Section 5 as an empirical concern, warranting separate recognition here as a constitutive regulator function rather than as administrative support.

The correspondence between the framework’s eight activities and the Australian model WHS Act section 3 objects is partial rather than complete. Four activities correspond directly to section 3 objects: information, education and advicemaps to s 3(1)(d); compliance monitoring and enforcement are collapsed into s 3(1)(e); learning and policy revision maps to s 3(1)(g). The remaining four, standards-setting and rule-making, authorisation and licensing, investigation, and data architecture, are not directly visible in section 3, although standards-setting and authorisation are operationalised through other Act provisions (most notably Parts 4 and 9 of the Queensland WHS Act 2011, Parliament of Queensland 2011) and investigation is implicit in the compliance-and-enforcement object. Data architecture has no doctrinal anchor in section 3 at all. The eight-activity portfolio is best understood as an extension of the Australian doctrinal foundation rather than as a complete restatement.

The portfolio is, as the term implies, not a set of alternatives. The contemporary regulator must do all eight activities competently; emphasising one at the expense of others compromises function. Effective enforcement depends on competent investigation; investigation depends on adequate compliance monitoring; monitoring depends on the data architecture; the data architecture depends on standards-setting; standards-setting depends on learning and policy revision. The activities are reciprocally reinforcing in operational practice. The contemporary inspector-practice literature (Palmqvist, Kjaergaard and Ajslev 2026; Rudolf, Kjaergaard and Ajslev 2025; Stahl, Lundqvist and Reineholm 2025) shows that the advice and compliance monitoring activities are evolving substantially through dialogue-based inspection models, a shift the portfolio characterisation accommodates without strain.

The eight-activity portfolio extends rather than replaces the regulatory-craft tradition. Sparrow’s The Regulatory Craft (2000) advances the proposition that the regulator’s logically prior function is problem-solving, the diagnosis and resolution of specific compliance and harm problems, and that enforcement, advice, and inspection are instruments selected to serve the problem-solving task. The eight-activity portfolio is consistent with Sparrow’s intellectual move: problem-solving operates across the portfolio rather than as a ninth activity, with the regulator’s diagnostic competence determining which activity (or combination of activities) is deployed against any specific problem. Gunningham, Grabosky and Sinclair’s Smart Regulation (1998) and Gunningham and Johnstone’s Regulating Workplace Safety (1999) develop the case for instrument-pluralism, the proposition that effective regulation uses multiple instruments (command-and-control, market-based, self-regulation, information-disclosure) in deliberate combination rather than relying on any single instrument. The eight-activity portfolio is the work-safety-specific operationalisation of instrument-pluralism: each activity is an instrument of the regulator’s broader function, and the portfolio’s coherence depends on deliberate combination rather than on emphasis of any single activity. Baldwin, Cave and Lodge’s Understanding Regulation (2012) supplies the broader regulatory-theory frame within which the portfolio sits, the framework’s eight activities operationalise within work-safety regulation the more general regulatory-function taxonomy Baldwin, Cave and Lodge articulate at the level of regulatory theory across domains. Parker’s responsive-regulation extensions (Parker 2002, 2013) bear on how the portfolio’s enforcement and advice activities are sequenced over time against any single duty-holder, the portfolio is the structural claim, responsive-regulation supplies the temporal-sequencing claim, and the two are compatible rather than in tension. Yeung’s work on regulatory design (Yeung 2010; Yeung and Lodge 2019) bears specifically on capture-risk in the data-architecture activity, a connection developed at Section 4.4 below.

On this analysis, the work safety regulator’s function should be designed and resourced as an integrated eight-activity portfolio, with explicit recognition that data architecture is a constitutive activity rather than administrative support. The recommendation rests on the empirical evidence in Section 5 that data architecture is currently treated as administrative support in most regulator practice, on the analytical claim developed in Section 4.4 that this treatment compromises the regulator’s other functions, and on the regulatory-craft and instrument-pluralism positions that the regulator’s competent operation depends on deliberate combination across the portfolio rather than on emphasis of any single activity.

4.3 The layered causation model

The third question to put to a regulatory framework is what conceptual lens it uses to interpret the events it must regulate. The conceptual lens determines what the regulator looks for, what it counts, what it ignores, and what it acts upon. Different lenses produce different regulators.

The safety-science literature offers a chain of accident-causation paradigms, each implying a different regulator role. The Heinrich linear-behavioural model (Heinrich 1931; critiqued in Manuele 2002) implies a regulator focused on individual unsafe acts and using lost-time injury frequency rates as primary metrics. The Reason organisational-accident model (Reason 1990, 1997) implies a regulator focused on latent organisational failures and management-systems audit. The Rasmussen sociotechnical drift model (Rasmussen 1997) implies a regulator operating as one control node within a hierarchical sociotechnical system and using leading indicators of drift. The Hollnagel Safety-II / resilience-engineering paradigm (Hollnagel 2014) implies a regulator focused on work-as-done variability rather than work-as-imagined rule compliance. The mapping is set out in Table 1.

On this view, the contemporary regulator should hold all of these paradigms simultaneously, a layered causation model, rather than select one. The proposition is normative rather than descriptive: in practice, most regulators operate with one paradigm in their primary KPI architecture (typically Heinrich-derived) and successive paradigms in subsidiary frameworks and codes of practice. The result is a regulator whose stated paradigm and operational paradigm diverge, and whose KPI architecture is misaligned with its stated purpose.

The layered model gives rise to an unavoidable problem: the paradigms imply different operational decisions, and the regulator must have a way of resolving the conflicts. Heinrich’s behavioural focus implies inspecting for unsafe acts; Reason’s organisational accident model implies auditing management systems; Rasmussen’s drift model implies monitoring sociotechnical-system leading indicators; Hollnagel’s Safety-II implies observing work-as-done variability. A regulator that genuinely holds all four simultaneously must choose, on any given operational decision, which paradigm to apply. What follows operationalises the layered model, risk classes, decision rule, paradigm-conflict resolution, and the institutional competence on which the choice between paradigms depends, to give the regulator a defensible basis for that choice.

Risk classes.

The framework distinguishes four risk classes against which the choice of paradigm is made. Class A, minor occupational risk covers high-frequency, low-consequence acute injury in stable operations (slips, trips, minor manual handling, cuts in retail or office settings). Class B, serious occupational risk covers high-consequence acute injury or chronic occupational disease in conventional employer-employee relationships (machinery contact in manufacturing, chronic noise or silica exposure, falls from height in construction). Class C, major-hazard process risk covers low-frequency, catastrophic-consequence failure in tightly-coupled complex operations (petroleum process, refining, underground mining, tailings management, major chemicals). Class D, emergent and complex-adaptive risk covers harm patterns arising from system-level adaptation rather than from identifiable operational failure (psychosocial harm, multi-party contracting chains, climate-driven exposure, supply-chain-mediated harm). The classes are not exhaustive of every operational decision the regulator faces, and individual workplaces commonly span multiple classes simultaneously, but they are operationally distinguishable on the dimensions that matter for paradigm choice (consequence severity, system coupling, time horizon of harm, and identifiability of operational failure).

Decision rule.

The paradigm chosen should be the one most consequentially appropriate to the risk class of the situation. For Class A, the Heinrich behavioural focus is operationally efficient and substantively adequate: the harm pattern is reasonably explained by individual unsafe acts and the cost of more elaborate analytical machinery is not justified by the harm-prevention return. For Class B, the Reason organisational-accident model is the primary paradigm, the harm pattern reasonably traces to latent organisational failure (training, procedures, supervision, system design) and management-systems audit is the appropriate operational expression. For Class C, the Rasmussen sociotechnical-drift model is the primary paradigm and is non-substitutable by the Heinrich or Reason paradigms, the harm pattern does not trace to identifiable operational failure but to the cumulative migration of normal operations toward the boundary of acceptable risk, and only the Rasmussen model captures the phenomenon analytically. For Class D, the Hollnagel Safety-II / resilience-engineering paradigm is the primary paradigm, the harm pattern is emergent from system-level adaptation and is best engaged through observation of work-as-done variability rather than work-as-imagined rule compliance. The decision rule has a non-degradation principle: in any class, the regulator may apply a paradigm appropriate to a higherrisk class (more analytically demanding) but may not apply a paradigm appropriate to a lower risk class (less analytically demanding) without explicit justification. The principle is asymmetric because the error costs are asymmetric: applying Class C-appropriate analytical machinery to a Class A situation produces over-engineered regulation at modest welfare cost, but applying Class A-appropriate analytical machinery to a Class C situation produces catastrophic-risk blindness at high welfare cost. The Texas City case (Section 6.2) is the canonical illustration of the latter error and its operational consequence.

Paradigm-conflict resolution.

The Reason and Hollnagel paradigms are in apparent theoretical tension on a question the regulator must resolve operationally: whether the regulator should construe operational variability primarily as deviation from a defined safe state (Reason) or as a structural feature of work-as-done that ordinarily produces safety and only occasionally produces harm (Hollnagel). The tension is most acute in major-hazard process operations where both paradigms can be plausibly applied. The framework’s resolution is not to choose one paradigm over the other but to assign each to the analytical task it is best suited for. The Reason model is most useful for retrospective analysis of identified failures, where the latent-conditions structure provides a defensible analytical scaffold for organisational-accident investigation; the Hollnagel paradigm is most useful for prospective analysis of normal operations, where the resilience-engineering focus on work-as-done variability provides analytical purchase on conditions the Reason model treats as ordinary background. The two paradigms operate at different temporal stances toward the same operation, and the regulator that uses each for its appropriate analytical task, Reason for investigation, Hollnagel for proactive monitoring, captures the analytical value of both without forcing a false choice. The framework treats this as a complementary-paradigms position on the Reason-Hollnagel debate that the safety-science literature has not always rendered with full operational clarity (compare Hollnagel 2014 with Reason 2008; the Le Coze 2023, 2024, 2026 work attempts a similar reconciliation at the theoretical level).

• Institutional competence. The decision rule and conflict-resolution architecture presuppose institutional competence that does not arise automatically. The regulator’s institutional competence in the layered-causation domain has three components.
• Diagnostic competence is the capacity to identify, on inspection or investigation of a workplace, which risk class is operationally relevant. Analytical competence is the capacity to apply the paradigm appropriate to the identified risk class, for example, to conduct a Rasmussen-style drift analysis on a major-hazard operation rather than collapse the analysis into Reason-style management-systems audit.
• Reflexive competence is the capacity to recognise when the regulator’s own paradigm-choice habits are inappropriate to the operational reality, most acutely, the capacity to recognise when the regulator’s KPI architecture (typically Heinrich-derived) is masking Class C or Class D harm patterns.

The three competences are not currently developed at parity across inspector cohorts; the regulatory-craft tradition (Sparrow 2000) and the structural-conditions analysis in Section 4.4 (technical-competence condition) bear on the institutional design through which the competences are developed and maintained. The Knobel and Naweed (2023) qualitative study of twenty-two Australian WHS regulatory inspectors provides direct empirical support for the reflexive-competence component the framework articulates here, and provides three further contributions warranting explicit engagement. First, Knobel and Naweed find that the regulatory context narrows inspector causation analysis toward immediate causes of breach, that systems thinking is commonly misattributed to procedures, processes, and policies (the safety-management-systems framing) rather than to the multi-level interactive view the paradigm requires, and that this produces a “tunnel-vision” pattern in inspector decision-making, an inability or reluctance to consider analytical alternatives to the regulatory context’s preferred line of thought. The framework treats this as an empirical demonstration of the reflexive-competence deficit the layered model identifies: when the regulator’s KPI architecture and legislative framing pre-orient inspector attention toward immediate-cause / SMS-element analysis, inspectors are structurally positioned not to recognise when a Class C or Class D operational reality requires a different analytical paradigm.

Second, Knobel and Naweed use Rasmussen’s (1997) risk-management framework as the primary theoretical lens for their analysis, locating the WHS regulatory inspector near the top of Rasmussen’s sociotechnical system structure and showing that even inspectors located at this analytical level operate within a regulatory context that constrains their use of the Rasmussen paradigm. The Knobel and Naweed grounding therefore supports the framework’s Class C / Rasmussen paradigm-choice architecture more strongly than a generic systems-thinking finding would: the empirical demonstration that inspectors cannot fully apply the Rasmussen paradigm even when the regulatory context is the appropriate analytical lens reinforces the non-degradation principle’s asymmetric error-cost analysis. Third, Knobel and Naweed engage the “prosecutor mindset” identified by Stemn et al. (2019) and characterise the inspector’s deontological orientation (compliance-as-ethically-good framing) as the structural lens through which the regulatory context’s tunnel-vision pattern is operationally produced. They are explicit that “legislation imposes obligation, which promotes this type of philosophy, and brands compliance as ‘good’ or ethical”. The framework treats this as identifying the mechanism by which the reflexive-competence deficit is institutionally sustained: the deontological framing is itself the operational expression at the inspector-individual level of the Heinrich-derived paradigm-choice the framework’s Class A decision rule identifies.

The cross-domain parallels Knobel and Naweed draw to tunnel vision in criminal justice (Findley and Scott 2006) and workplace-incident investigation (MacLean 2022) further indicate that the tunnel-vision pattern is structural to regulator architecture rather than WHS-specific. The institutional-design implication is that reflexive competence cannot be developed by inspector training alone, it requires the KPI architecture, legislative framing, and deontological / prosecutorial orientation to be deliberately surfaced and engaged, which in turn bears on the framework’s information-sovereignty condition (Section 4.4) and its headline-metric-capture failure mode (F5), and on the legislative-framework engagement at Section 4.1.

The most consequential operational implication is the occupational-vs-process safety distinction articulated by Hopkins (1994, 2008, 2012). The 1994 Limits of Lost Time Injury Frequency Rates paper established that LTI-based metrics are “more sensitive to claims and injury management processes than to real changes in safety performance” (Hopkins 1994: 31), statistically insignificant at workplace level, and silent on how the most serious hazards are managed. The 2005 Texas City refinery explosion, in which BP’s low personal-injury rate masked deteriorating process-safety performance, became the canonical empirical demonstration (Baker et al. 2007; United States Chemical Safety and Hazard Investigation Board 2007; Hopkins 2008). The Baker Panel and the CSB report converged on a finding the framework treats as central: a regulator that uses occupational-injury metrics as its primary measure of safety performance is structurally blind to catastrophic-risk failures, because the metric registers what is frequent rather than what is consequential. The Hopkins distinction is an operational consequence of the layered causation model, specifically the consequence of applying a Class A-appropriate paradigm (Heinrich behavioural focus) to a Class C operation (major-hazard process) in violation of the non-degradation principle articulated above.

the regulator’s underlying causation model should likely be explicitly stated

On the analytical position offered here, the regulator’s underlying causation model should likely be explicitly stated, the model should be layered rather than singular, the regulator’s KPI suite should reflect the layered model, the LTI rate alone is inadequate, management-systems audit alone is inadequate, and work-as-done observation should sit alongside both, and the regulator’s institutional competence should include the three competences (diagnostic, analytical, reflexive) the decision rule presupposes. The Gunningham, Grabosky and Sinclair Smart Regulation (1998) tradition supports this position by treating instrument choice as itself a substantive regulator judgement, and Sparrow’s The Regulatory Craft(2000) extends it by characterising the regulator’s problem-solving function as logically prior to its enforcement function, both intellectual moves the framework’s risk-class / paradigm-choice architecture operationalises in the specific context of work safety regulation.

4.4 The five structural conditions

The fourth question is what the regulator must be, internally, to perform its function competently. The OECD-aligned literature has converged on four structural conditions, independence, technical competence, adequate resourcing, and legitimacy with accountability (Organisation for Economic Co-operation and Development 2014, 2017, 2022; Maggetti 2010). Other strands emphasise different first-order conditions: the responsive-regulation tradition emphasises responsiveness (Ayres and Braithwaite 1992); the critical-criminological tradition emphasises political will and resourcing (Tombs and Whyte 2010, 2013); the critical-legal tradition emphasises democratic accountability. This paper adopts the OECD-aligned framing while acknowledging it is one position among several, and proposes a fifth condition the OECD-aligned literature does not name explicitly: information sovereignty.

Independence is the regulator’s structural separation from the activity it regulates. Hopkins (2012) makes independence constitutive of safety case regimes, which “almost certainly fail” where the regulator is not independent and technically competent. The 2010 Macondo / Deepwater Horizon experience confirmed this empirically through structural reform: the United States Minerals Management Service was split into three agencies after the blowout precisely because its dual mandate (revenue collection and safety enforcement) constituted a structural conflict of interest (National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling 2011). The Cullen Report had made the same point twenty years earlier in the UK, recommending that offshore safety regulation be moved from the Department of Energy, which promoted production, to the Health and Safety Executive (Cullen 1990). The OECD Creating a Culture of Independenceoperationalises the condition across five dimensions: role clarity, transparency and accountability, financial independence, independence of leadership, and staff behaviour and culture of independence (Organisation for Economic Co-operation and Development 2017).

Technical competence is the regulator’s capacity to evaluate the safety arguments presented to it on terms credible against the technology and operations it is regulating. Hopkins (2012) treats competence as constitutive alongside independence; without technical depth, the regulator’s evaluation degenerates into rubber-stamping. The Columbia Accident Investigation Board report (2003) and the Brady Review of Queensland mine fatalities (Brady 2019) both identified competence deficits as proximate causes of consequence, of the Columbia accident itself in NASA’s case, and of the fatality cycle in Queensland’s. The inspector continuing-professional-development literature (Victorian Commission for Gambling and Liquor Regulation 2017) establishes that inspector competence is not an operational detail but a constitutive regulator design property.

Adequate resourcing is the regulator’s capacity to deliver on its mandate at scale. The OECD Equipping Agile and Autonomous Regulators report frames resourcing as constitutive rather than contextual (Organisation for Economic Co-operation and Development 2022); the empirical record of regulator funding cuts shows what under-resourcing produces. The UK HSE provides the canonical case: the British Safety Council (2023), drawing on HSE Annual Report data and Prospect union estimates, characterises the 2010–2019 decline as approximately a 45 per cent cash-term reduction in core grant-in-aid funding, a 35 per cent staff reduction, and an 18 per cent inspector reduction. Proactive inspections fell from over 25,000 per year before 2010 to a target of 14,000 in 2022/23; mandatory investigations cancelled because of insufficient resources rose nearly two-hundredfold between 2016/17 and 2021/22 (British Safety Council 2023). The Brazilian federal regulators show a structurally parallel pattern (Regulatory Studies Center 2025): agencies lose flexibility before they lose formal mandate. A regulator with statutory authority but inadequate resourcing is not a functioning regulator, it is a symbolic regulator.

Legitimacy and accountability is the regulator’s standing to act, sustained by transparent decision-making, scrutiny, and public confidence. Maggetti (2010) makes the theoretical point that no single dimension can carry the legitimacy load, autonomy, performance, and accountability must be balanced and the OECD governance-of-regulators principles (Organisation for Economic Co-operation and Development 2014) operationalise this in seven principles for independent regulator governance. The contemporary inspector-identity work (Palmqvist, Kjaergaard and Ajslev 2026; Rudolf, Kjaergaard and Ajslev 2025) shows that legitimacy is now being operationalised at the level of front-line inspector practice through dialogue-based inspection models. Legitimacy is not only an institutional property but a practice property.

Information sovereignty is the framework’s fifth structural condition and its principal original contribution. The condition is the regulator’s capacity to control, verify, and critically interrogate the multiple information streams on which its direction-setting depends. It is best understood against the historical information architecture of OHS regulation. The dominant information sources available to regulators have been and largely remain, three. Self-reporting by regulated organisations supplies incident reports, near-miss reports, exposure-monitoring data, and certifications. In-field reports from employees supply worker complaints, health and safety representative escalations, and whistleblower disclosures. Reports from members of the public supply third-party complaints. Each has well-documented limitations. Self-reporting is subject to under-reporting incentives that compound over supply chains and contracting relationships, particularly where reputation or contractual eligibility depends on injury-rate disclosure (Wuellner, Adams and Bonauto 2016). Worker reports are constrained by fear of reprisal and the inadequately developed worker-representation infrastructure that the Walters and Nichols (2007) prevention-triangle work documents. Public complaints are reactive and patchy. Hawkins’s (1984, 2002) work on inspector discretion adds a further structural feature: the inspector’s case-creation function is itself an information-architecture activity, with the inspector deciding which events become “cases” and which are absorbed into the routine flow.

Workers’ compensation claims data is, in this longer historical context, an additional information stream rather than the regulator’s primary direction-setting input. Compensation data adds structural features the self-reporting and field-report streams lack: it is processed through insurance entities rather than being entirely operator-controlled; it captures a defined population (claims-eligible injuries) with consistent definitional rules; it provides a longitudinal record; and it enables comparison across employers through experience rating. Coronial findings, hospital admissions data, social surveys (notably the Labour Force Survey in the UK and the Australian Bureau of Statistics Work-Related Injuries Survey), and academic-research findings provide further streams. The information-sovereignty condition is best understood not as a critique of compensation-data reliance but as a positive prescription for multi-source triangulation.

Each stream has its own structural biases, and the information-sovereignty argument is about the regulator’s responsibility to interrogate each stream against the others rather than to rely on any single source. The bias evidence in the compensation-data stream is substantial. Studies linking the US Bureau of Labor Statistics Survey of Occupational Injuries and Illnesses to state workers’ compensation records find that SOII misses between 25 and 78 per cent of injuries reported in compensation records, depending on industry, establishment size, and state (Boden and Ozonoff 2008; Rosenman et al. 2006; Bureau of Labor Statistics 2014; Wuellner et al. 2016). Workers themselves report only around 63 per cent of serious injuries (Azaroff, Levenstein and Wegman 2009). Construction is the most under-reported because firms compete for contracts on injury rates (Wuellner et al. 2016). Tombs and Whyte (2013) extend the critique: UK HSE fatal-injury data understates actual work-related deaths by a factor of five to six because it excludes occupational disease, and HSE major-injury investigations fell 49 per cent between 1999/2000 and 2009/10 while local-authority inspections fell 86 per cent from 2009/10 to 2012/13 (Tombs and Whyte 2010). The implication is not that compensation data should be discarded or self-reporting replaced; it is that the regulator relying on any single stream without critical interrogation can preside over substantial degradation of its enforcement function while its headline metrics continue to record progress. The closest existing doctrinal anchor is section 2(b)(12) of the US Occupational Safety and Health Act 1970, requiring “appropriate reporting procedures … which procedures will help achieve the objectives of this Act and accurately describe the nature of the occupational safety and health problem” (United States Congress 1970) but the contemporary regulator needs more than reporting procedures; it needs an architecture of critical interrogation across multiple information streams.

Operationalising information sovereignty.

The conceptual articulation above is necessary but not likely sufficient. The OECD-aligned literature has operationalised the four established structural conditions, independence (OECD 2017), technical competence (the inspector continuing-professional-development literature and the OECD agile-and-autonomous-regulators framing), adequate resourcing (OECD 2022), and legitimacy with accountability (OECD 2014), through measurement indicators, assessment criteria, and failure modes. If the framework’s claim that information sovereignty is constitutive rather than contextual is to carry analytical weight, it must be operationalised at parity with the four established conditions. Three operationalisation axes follow.

Measurement indicators.

The presence or absence of information sovereignty is observable through six indicators, three quantitative and three qualitative.

• I1 – stream breadth. The number of distinct information streams the regulator actively integrates into direction-setting decisions, measured against the eight streams identified above (self-reporting, worker reports, public complaints, compensation data, coronial findings, hospital admissions, social surveys, academic research). The target is at least five of the eight, with at least one stream from each of the four functional categories: operator-supplied, worker-supplied, ecosystem-supplied (insurer, coroner, health system), and externally-produced (social surveys, academic research).
• I2 – triangulation frequency. The frequency at which the regulator cross-checks the streams against each other, measured at the level of formal published triangulation outputs. The target is quarterly minimum at the aggregate level and annual at the sector level.
• I3 – discrepancy documentation rate. The proportion of identified between-stream discrepancies that are formally documented and published. The target is full documentation; the threshold for acceptable operation is 80 per cent.
• I4 –  adversarial-source ingestion. The qualitative indicator of whether the regulator’s direction-setting actively incorporates information from sources structurally adversarial to the regulated entity, civil-society organisations, investigative journalism, union research, academic critique. The target is documented incorporation in at least one annual direction-setting decision.
• I5 – inspector data-literacy. The qualitative indicator of whether the inspectorate’s continuing-professional-development framework includes formal data-literacy training (statistical interpretation, source-bias recognition, multi-source triangulation methods). The target is full coverage of operational inspectors.
• I6 – published-methodology transparency. The qualitative indicator of whether the regulator publishes its own data architecture, source-quality assessments, and known limitations alongside its headline metrics. The target is integrated annual publication.
• Assessment criteria.

Information sovereignty is likely assessable through five criteria that any regulator’s data architecture can be evaluated against.

• A1 – constitutive recognition. Data architecture is treated in the regulator’s organisational design as a constitutive function rather than as administrative support; the senior responsibility for it sits at executive level rather than at deputy or technical-services level.
• A2 – cross-stream verification protocols.Formal protocols exist for cross-checking each stream against the others, with documented decision rules for what to do when streams disagree.
• A3 –  adversarial interrogation mechanism. The regulator has a mechanism, internal data-quality function, independent advisory committee, formal civil-society engagement, for critically interrogating each stream’s structural biases on terms independent of the stream’s producers.
• A4 – independent verification capacity. The regulator has the capacity to verify operator-supplied data independently, through unannounced inspection, third-party audit, or technical-instrumentation deployment.
• A5 –  publication transparency. The regulator publishes discrepancies, limitations, and methodology alongside headline metrics, rather than only publishing the metrics. The five criteria are deliberately parallel to the OECD five-dimension operationalisation of independence (role clarity, transparency and accountability, financial independence, independence of leadership, staff behaviour and culture of independence), they specify the design properties that must be present rather than the operational outcomes that should follow.

Failure modes.

Information sovereignty is diagnosable in its failure through five distinguishable failure modes.

• F1 – single-stream reliance. The regulator’s direction-setting depends predominantly on one information stream (typically compensation data or self-reporting) without active triangulation across other streams. The Brady Review’s documentation of the Queensland pre-2019 regulator’s reliance on operator-supplied incident data, and the parallel inadequacy of its high-potential-incident classification, is the most direct Australian illustration (Brady 2019; engaged at Section 6.4).
• F2 –  symbolic data architecture. The regulator collects multiple data streams but does not interrogate them; the architecture is performatively complete but operationally inert. The audit-as-ceremony evidence (Hutchinson, Dekker and Rae 2024) is the academic articulation of the failure mode at the operator level; the regulator-level analogue is the regulator that publishes annual data outputs without analytical interrogation.
• F3 – operator-data dependence. The regulator’s information architecture is constituted predominantly of data the regulated entities themselves produce, with no independent verification capacity. The Texas City case is the canonical illustration: OSHA’s reliance on facility-supplied personnel-injury data masked the catastrophic-risk profile of the facility (Section 6.2).
• F4 – audit-as-ceremony. Formal data exists, formal review occurs, but the data does not inform decision-making. The failure mode is distinguishable from F2 because the architecture is operationally engaged (reports are reviewed) but is treated as an end in itself rather than as input to direction-setting. The Hutchinson, Dekker and Rae (2024) study of safety-management-systems audits documents the operator-level version; the regulator-level analogue is the regulator that reviews returns without re-prioritising inspection on the basis of what the returns disclose.
• F5 – headline-metric capture. The regulator’s KPI suite is composed of metrics that are systematically biased toward registering frequent low-consequence events and away from registering rare high-consequence events (the Heinrich-derived occupational-injury frequency rate is the paradigm case). The metric performs well by its own measures while the underlying harm pattern shifts beyond its instruments to detect. The Hopkins (1994) LTI critique is the founding articulation; the Tombs and Whyte (2010, 2013) work on UK HSE enforcement decline against stable headline metrics is the contemporary empirical demonstration.

The three operationalisation axes are mutually reinforcing. The measurement indicators provide the observable signals that allow external assessment; the assessment criteria specify the design properties that must be present; the failure modes identify the diagnostic patterns of degradation. A regulator’s information-sovereignty posture is strong if the six measurement indicators are at or above target, the five assessment criteria are satisfied, and none of the five failure modes is operationally present. The posture is weak on any one or more of the three axes, and the analytical implication is that weakness on any axis produces structural vulnerability to the harm patterns the framework’s evidence base documents. The operationalisation does not eliminate the analytical work the regulator must do; it specifies the dimensions on which the work must be done.

The operationalisation departs from existing scholarship in two specific ways. First, the public-administration literature on bureaucratic autonomy (Carpenter 2001, 2010; Carpenter and Moss 2014) treats data-architecture sophistication as one of several enabling conditions for autonomy (the capacity to act independently of political principals). The framework here repositions data architecture as a constitutive condition in its own right, the regulator’s information sovereignty is not a means to autonomy but a standalone structural condition without which the other four are operationally compromised. Second, the principal-agent literature (Moe 1984; McCubbins, Noll and Weingast 1987; McCubbins and Lupia, in Wood and Waterman 1994, 1991) emphasises information asymmetry as the principal challenge to oversight, with the regulator typically construed as the agent of legislative or executive principals. The framework here inverts the analytical lens: the regulator is itself an information-asymmetry-creating actor vis-à-vis both its principals and the public, and its information sovereignty must be construed in both directions, its capacity to interrogate the streams it depends on (the information-receiving direction) and its capacity to expose its own decision-making to interrogation by its principals and the public (the information-disclosing direction). The OECD-aligned legitimacy-and-accountability condition partially captures the second direction; the information-sovereignty condition operationalises the first. The two are complementary rather than overlapping.

Knobel and Naweed (2023) supply a specific operational mechanism the information-sovereignty argument has not so far named. Their study maps the WHS inspector’s sphere of influence as bidirectional with the government level, information flows upward from inspector findings and downward from government priorities and information requests, but unidirectional with the company level, where regulation pushes down without an equivalent operator-to-regulator information channel that the regulator can independently verify. The bidirectional inspector-to-government information flow is one of the principal mechanisms through which the regulator’s information sovereignty operates or fails: if inspector findings are filtered, aggregated, or selectively reported on their way to government direction-setting, the regulator’s own KPI architecture (and the legislative framing that follows from it) is recursively shaped by the same tunnel-vision pattern Knobel and Naweed document at the inspector-individual level. The implication for the framework’s operationalisation is that the information-sovereignty assessment criteria (A1–A5) must apply not only to the external information streams the regulator ingests but also to the internal inspector-to-government information channel through which the regulator’s own observations are aggregated. The deeper engagement with Knobel and Naweed’s tunnel-vision finding is in Section 4.3.

The five conditions are likely reciprocally reinforcing. Independence without competence produces formal autonomy without substantive effect. Competence without resourcing produces talented inspectors who cannot deliver. Resourcing without legitimacy produces public mistrust. Legitimacy without independence produces a captured regulator. And legitimacy, independence, resourcing, and competence without information sovereignty produce a regulator that may be doing well by its own measures while the underlying harm pattern shifts beyond its instruments to detect. The five conditions are summarised in Table 2.

Table 2

The five structural conditions of effective regulator design

4.5 The wider prevention ecosystem

The fifth question is what the regulator’s relationship is to the other mechanisms contributing to the prevention of work-related harm. The claim offered here is that the regulator is one mechanism among several, and that a mature regulator design builds explicit interfaces instead of treating the regulator as the exclusive locus of safety oversight. The doctrinal foundation is thinner than for the other four components, none of the five statutory frameworks treats workers’ compensation insurers, coronial inquiries, or industry standards-setting as part of the regulator’s doctrinal foundation. The ecosystem framing is therefore offered as an operational observation about contemporary regulatory architecture rather than as a doctrinal entailment.

Four other mechanisms warrant attention. Coronial inquiries function as a structurally distinctive prevention mechanism. Coroners are independent judicial officers whose statutory purpose increasingly includes prevention; the Victorian Coroners Act 2008 articulates this explicitly. The Australian coronial system varies substantially, Victoria’s post-2008 prevention model is the strongest, with other jurisdictions offering weaker frameworks. International comparators differ: the UK Regulation 28 Prevention of Future Deaths regime (under the Coroners and Justice Act 2009) operates a mandatory-response architecture; the United States has no comparable federal institution but the US Chemical Safety and Hazard Investigation Board plays a related role for major-incident investigation; the EU varies by member state. Coroners can examine the regulator’s own conduct, the 2020 Dreamworld inquest made findings against the Office of Industrial Relations directly (Coroners Court of Queensland 2020) and produce recommendations that drive regulator action on evidence the regulator could not have produced. The coordinated 2014–2019 quad bike inquest series across Queensland, NSW, Victoria, and New Zealand demonstrated that coronial action can drive Australian Competition and Consumer Commission mandatory standards even where the work safety regulator’s jurisdiction is structurally constrained (Safe Work Australia 2024a). The empirical record on coronial-recommendation uptake is uneven: Victoria’s mandatory-response regime produces explicit statements of action in only 44 per cent of responses, with ambiguity associated with non-implementation (Sutherland et al. 2014, 2016); three decades after the Royal Commission into Aboriginal Deaths in Custody, many systemic-review recommendations remain unimplemented (Freckelton 2024). But the coronial system is now the primary source of detailed organisational-accident narrative in Australian regulator scholarship.

Royal Commissions and Boards of Inquiry serve a related but distinct function. Where the coronial system is event-prompted and judicial, the Royal Commission and Board of Inquiry mechanism is government-commissioned and political. The Boland Review (2018) and the Brady Review (2019) are recent examples that reshaped the regulatory framework and the regulator’s operational priorities. The Brady Review established a fatality-cycle finding and four recommendations directed at the regulator including adoption of the High Potential Incident Frequency Rate, that the Queensland regulator has now operationalised.

The Royal Commission and Board of Inquiry mechanism is, however, a structurally contingent product rather than an authoritative finding of fact. Inquiries operate under terms of reference set by the commissioning government, with funding levels and sitting periods determined by political and budgetary cycles. Even substantial inquiries may produce findings the subsequent literature contests on grounds of scope, analytical depth, or political-economy context. The Royal Commission on the Pike River Coal Mine Tragedy (Panckhurst, Bell and Henry 2012), reporting on the November 2010 explosion that killed 29 mineworkers in New Zealand, is a useful illustration. The Commission identified inadequate regulatory oversight, documented the post-1992 progressive reduction of mining-inspectorate capacity to just two inspectors for the whole country, and recommended a new dedicated regulator (subsequently WorkSafe New Zealand). The Minister of Labour resigned the day the report was released and the Prime Minister publicly apologised. Subsequent literature, notably Macfie (2013) and academic commentary, has argued that the Commission’s terms of reference did not adequately permit examination of the broader political-economy context that produced the regulatory-capacity reductions; that the recommendations focused on technical and institutional reform without fully engaging the industrial and political dimensions that allowed progressive deregulation; and that some recommendations on directors’ personal accountability did not go as far as the underlying evidence might have warranted. Pike River is instructive precisely because the Commission’s findings were comprehensive on multiple dimensions yet remain contested on the dimensions the inquiry’s terms of reference and political context constrained. The framework’s information-sovereignty component (Section 4.4) applies recursively here: a regulator that accepts inquiry findings without critical interrogation has compromised its information sovereignty in the same structural way as a regulator that accepts compensation-data outputs without external verification. The four major-accident cases analysed in Section 6 are engaged with this caveat.

Workers’ compensation insurers are, in the Australian context, the most consequential of the other mechanisms because of the central role compensation-claims data plays in regulator direction-setting. The state-by-state institutional architecture varies in ways that have measurable consequences. In Victoria, WorkSafe Victoria is simultaneously the regulator and the workplace injury insurer (Department of Treasury and Finance Victoria 2024); the data flows and operational priorities are entirely internal, and the OHS function is funded by the compensation premium. In Queensland, the Office of Industrial Relations / Workplace Health and Safety Queensland regulator is separated from WorkCover Queensland, with data-sharing and policy coordination but distinct accountability. In New South Wales, SafeWork NSW (regulator), the State Insurance Regulatory Authority, and icare (Nominal Insurer) are institutionally distinct. Each design choice produces different incentive structures and vulnerabilities. The integrated Victorian model captures data-flow benefits but introduces the risk that compensation-cost considerations colonise prevention decision-making; the separated NSW model preserves prevention-function independence but loses the integrated data architecture (Safe Work Australia 2024b). International comparators show further variation: US state-by-state workers’ compensation systems are administered separately from federal OSHA regulation; European social-insurance models typically operate at arm’s length from OHS inspectorates; the UK separates workers’ compensation entirely from HSE. The Australian state-by-state variation is an unusually rich natural experiment in regulator-insurer design. Premium-setting and experience-rating are themselves substantial regulatory mechanisms; the empirical evidence supports a modest but real prevention effect from experience-rated premiums (Ruser 1985), while the countervailing evidence on gaming behaviour, outsourcing of risky work to temporary work agencies, claims suppression, return-to-work pressure, shows that the prevention effect is partial and intermingled with claims-management behaviour (Hyatt and Thomason 2003). A mature regulator design recognises the insurer’s regulatory role and treats it as part of the regulator’s information and incentive architecture rather than as administrative back-office function.

Industry standards-setting bodies, including the International Organization for Standardization (ISO 45001, ISO 45003), industry trade associations, and global standards processes such as the International Council on Mining and Metals, function as a fourth mechanism. The 2019 Brumadinho tailings-dam collapse and the subsequent Global Tailings Review demonstrate both the potential and the limits of this mechanism. Hopkins and Kemp (2021), as two of the seven independent experts on the writing panel, provide a contemporaneous insider account: the resulting Global Industry Standard on Tailings Management represents a step-change improvement but falls short, in their account, because of ICMM “red line” vetoes that prevented bans on upstream tailings dam construction, riverine and deep-sea disposal, and proper consequence-classification of single-fatality events. The civil-society Safety First Guidelines (June 2020) were sidelined in the process. ICMM and UNEP have published their own characterisations; a balanced account would require engagement with those alongside the Hopkins-Kemp insider account. The framework’s implication is nonetheless defensible: voluntary standards co-produced with industry are not a substitute for independent regulator-set requirements; they can supplement but not replace the regulator’s standards-setting function.

The ecosystem framing developed here has a natural theoretical home in the network-governance literature in public administration. Klijn and Koppenjan’s work on governance networks (Klijn 2008; Klijn and Koppenjan 2016) develops the proposition that policy outcomes in complex domains are produced by networks of actors rather than by any single hierarchical agency, and that the design challenge is therefore to constitute the network rather than to perfect any single node. Rhodes’s work on policy networks (Rhodes 1997, 2017) develops the parallel observation that hierarchical state authority has been progressively supplemented by network-based governance, and that effective public administration depends on the capacity to steer networks rather than to command them. Provan and Kenis’s typology of network-governance modes (Provan and Kenis 2008) distinguishes shared governance, lead-organisation governance, and network-administrative-organisation governance, a typology that has direct application to the prevention ecosystem. The work safety regulator can be characterised, on this analytical lens, as the lead organisation in a shared-governance prevention network whose other nodes include the coronial system, Royal Commission and Board of Inquiry institutions, workers’ compensation insurers, industry standards-setting bodies, civil-society and union actors, and academic-research institutions. The framework’s ecosystem component is the work-safety-specific operationalisation of network-governance theory rather than an unconnected analytical observation. The implication is that the regulator’s relationship to the ecosystem is itself a substantive design choice rather than a contextual feature, and that explicit attention to network constitution, which nodes are connected, on what terms, with what data flows, with what accountability, is part of regulator design rather than separate from it.

On this account, the work safety regulator should be understood as one mechanism within a wider prevention ecosystem, and a mature regulator design builds explicit interfaces with the other mechanisms, for example, by absorbing coronial recommendations as continuous regulatory inputs (WorkSafe Tasmania 2016), by drawing on Royal Commission findings to drive legislative reform, by coordinating with industry bodies on technical standards while retaining independent verification, by treating the regulator-insurer relationship as a deliberate design choice with measurable incentive consequences, and by constituting the prevention network deliberately rather than relying on emergent interactions among autonomous nodes.

Synthesis of the framework

The five components interact in ways the section-by-section presentation cannot fully capture. Purpose sets what the regulator is constituted to address; function portfolio sets what the regulator does; layered causation model sets the lens through which the regulator interprets what it does; structural conditions set what the regulator must be to do its work competently; and wider prevention ecosystem sets the regulator’s relationship to the other mechanisms.

The central claim is not that any one component is necessary alone; it is that partial implementation produces predictable patterns of regulator failure. A regulator with strong purpose, function portfolio, causation model, and ecosystem positioning but weak structural conditions tends to produce symbolic regulation, formally compliant with statutory requirements but operationally unable to deliver. A regulator with strong structural conditions but a narrow purpose clause tends to produce well-administered regulation of the wrong harm types. A regulator with all four established components but no information sovereignty tends to produce confidently misdirected regulation, substantial activity that fails to address the actual harm pattern. The framework’s empirical case rests on Section 6, which tests these patterns against four major-accident cases.

Several specific regulator designs are ruled out by this analysis. A design that uses occupational-injury frequency rate as its primary measure of safety performance is rejected by component three (the layered causation model). A design that lacks structural independence from the regulated activity including dual production-promotion and safety-regulation mandates of the Minerals Management Service type, is rejected by component four (structural conditions). A design that accepts compensation claims data as authoritative without external verification or triangulation is rejected by component four (information sovereignty specifically). A design that treats the regulator as the exclusive locus of safety oversight, without explicit interfaces with the coronial system, insurance mechanisms, and industry standards processes, is rejected by component five (wider prevention ecosystem).

Alternative positions warrant engagement. The deregulationist position, that the existing regulator framework imposes net costs on firms and that the cost-benefit calculation does not support expansion, is engaged in Section 5 through the inspection-effectiveness empirical literature (Levine, Toffel and Johnson 2012; Johnson, Levine and Toffel 2023). The framework does not adopt the position because the empirical evidence supports a real prevention effect from regulator action when adequately resourced, and because the contemporary harm pattern includes harm types (psychosocial, gig and platform work, climate exposure) the deregulationist position does not engage. The behavioural-safety defender position is engaged through the layered causation model in Section 4.3, which accommodates behavioural intervention as one paradigm within a layered approach. The framework does not adopt the position as primary because the Texas City evidence demonstrates that behavioural-focused metrics mask catastrophic-risk failure. The capture-theory critique is engaged through Stream 4 of the supporting bibliography and through the Brumadinho discussion in Section 4.5. The framework treats capture as a vulnerability to be designed against rather than as an inevitability that defeats regulator design.

Two contributions warrant explicit identification. The first is the doctrinal grounding of the proposed expansion of the purpose clause in international instruments, ILO Convention 155 Article 3(e) and the US OSH Act 1970 sections 2(b)(5) and (6), which positions the expansion as consolidating in statute the expanded scope the operative regulatory regime has been progressively addressing. The second is the identification of information sovereignty as a fifth structural condition constitutive of effective regulation, supported by the convergent empirical record on compensation-data under-reporting, regulatory degradation, and the occupational-vs-process safety distinction. Each contribution extends rather than displaces existing scholarship. Hopkins (1994, 2008, 2012, 2019, 2022; Hopkins and Kemp 2021) supplies extensive analytical grounding for the framework, establishing the occupational-vs-process safety distinction and the production-pressure / structure-creates-culture argument that inform Sections 4.3 and 4.4 substantially. The framework’s two contributions extend Hopkins’s work by providing the doctrinal grounding the Hopkins corpus does not develop and by elevating data architecture from operational concern (where Hopkins treats it) to constitutive structural condition. The cross-section pattern of Hopkins-anchored analysis that runs through Sections 4, 5, and 6 is itself a feature of the framework’s evidence base that warrants explicit engagement; Section 7 addresses the reliance pattern and identifies the further work an independent test against non-Hopkins-anchored evidence would require.

What is offered is a normative reconstruction of what the work safety regulator in advanced-economy major-hazard sectors should be. Each of its five components is supported by the evidence base; the integration is the synthesiser’s analytical reconstruction; the two specific additions are contributions to the literature. The empirical case rests on Section 6, where four major-accident cases test its components in practice.

5. Empirical evidence and structural critique

Section 4’s framework rests on empirical claims this section examines. The relevant evidence is organised across four classes, inspection effectiveness, intervention design, recommendation uptake, and data quality and structural bias. The central analytical claim is that the four classes are not in opposition but in productive tension. Regulator action doesproduce measurable safety outcomes when adequately resourced, competent, and targeted; and the data architecture on which most regulator direction-setting depends is structurally biased in ways that systematically under-count work-related harm. Both findings are held by the literature on careful reading, and the framework’s argument is that contemporary regulator design must accommodate both.

The four classes are presented in parallel but the section’s longest engagement is with Class 4 (data quality and structural bias), which provides the empirical foundation for the framework’s information sovereignty condition. The section is structured in seven parts: the first four engage each class of evidence in turn; the fifth states the aggregate analytical position; the sixth engages the deregulationist counter-position substantively; and the seventh acknowledges the geographic-and-cultural limitations of the empirical evidence base.

5.1 Inspection effectiveness

The strongest empirical evidence on regulator effectiveness comes from quasi-experimental studies of inspection programmes. The natural experiment most often cited is the random allocation of Cal/OSHA programmed inspections between 1996 and 2006 (Levine, Toffel and Johnson 2012). The study compared 409 single-location businesses in high-hazard industries that had received a random Cal/OSHA inspection with 409 closely matched control businesses. Over the four years following inspection, inspected businesses experienced a 9.4 per cent reduction in workers’ compensation injury claims and a 26 per cent reduction in workers’ compensation costs (medical expenses and wage replacement), with no statistically detectable effect on sales, payroll, employment, creditworthiness, or firm survival. The combination of substantive injury reduction and absence of detectable business-performance impact is unusual in the regulatory-economics literature and gives the finding particular evidentiary weight.

Johnson, Levine and Toffel (2023) extended the analysis using machine-learning counterfactual methods on OSHA’s national inspection data and found that targeting, which businesses receive inspections, is at least as consequential as inspection volume. Their estimate is that OSHA could have averted more than twice the injuries that randomly-allocated inspections produced by directing inspections to the highest-expected-averted-injury businesses, generating up to USD 850 million in social value over the decade examined. The 2023 finding strengthens the 2012 finding: inspection works, and targeted inspection works substantially better than random inspection.

The inspection-effectiveness contention is consistent with this Cal/OSHA natural-experiment evidence and with the Norwegian Labour Inspection quasi-experimental evidence (Garshol, Emberland and Johannessen 2025) in the specific sector and institutional context they examined. The Garshol study, structured as a post-test-only control-group design in Norwegian home-care services, found statistically significant compliance improvements in the treated establishments relative to controls; the Norwegian institutional context (Scandinavian tripartism, internal-control regulation, social-democratic political economy) differs substantially from California’s, but two studies in two specific contexts do not establish a generalisation pattern. They establish that the framework’s contention is consistent with evidence from two specific contexts.

Four qualifications follow. First, the Levine effect size (9.4 per cent injury reduction) is statistically robust but modest in absolute terms. Second, the Cal/OSHA inspections studied were programmed inspections (planned, not complaint-driven) of single-location businesses in high-hazard industries; generalisation to other inspection contexts is inferential, not demonstrated. The Norwegian study’s institutional context is sufficiently distinctive that broader transferability requires further evidence. Third, the Levine evidence is drawn from inspections conducted between 1996 and 2006, a period preceding the substantial regulator degradation documented in the UK and elsewhere (Section 5.4). Tombs and Whyte (2010, 2013) establish that UK HSE enforcement declined substantially during the period after the Levine study window: major-injury investigations fell 49 per cent between 1999/2000 and 2009/10; local-authority inspections fell 86 per cent between 2009/10 and 2012/13. Whether equivalent inspection-effectiveness effects can be expected from contemporary regulator practice under reduced resourcing and inspection capacity is an empirical question the present paper does not resolve. Fourth, and most consequential for the framework’s analytical economy, the Levine outcome measure is workers’ compensation injury claims, which is the same compensation data stream that Section 5.4 demonstrates is structurally biased and under-counts work-related harm by between 25 and 78 per cent (Boden and Ozonoff 2008; Rosenman et al. 2006; Wuellner et al. 2016; BLS 2014). The injury reduction the Levine evidence documents is therefore properly construed as a reduction in the sub-class of harm the compensation system is configured to detect, predominantly acute traumatic occupational injury in single-location high-hazard establishments, rather than as a reduction in the broader contemporary harm pattern the framework is constituted to address (process-safety risk, psychosocial harm, occupational disease, gig and platform-work harm, climate-driven exposure). The implication is twofold. The inspection-effectiveness finding is robust as a finding about the sub-class of harm Levine measures, and the framework’s analytical use of the evidence should be calibrated to that scope; the finding is not equivalent evidence for inspection effectiveness against the harm classes the compensation system does not register, and the framework’s analytical reliance on Levine in those domains must be qualified proportionally. The structural-conditions empirical case is weakened by this qualification: the Levine evidence supports the inspection works proposition for one sub-class of harm rather than supporting it for the broader scope the framework addresses. The framework’s response is consistent with this qualification: the adequate resourcing condition (Section 4.4) is supported by Levine for the sub-class Levine measures and is supported by independent evidence (OECD 2022; British Safety Council 2023; Brady 2019; the Garshol Norwegian replication) for the broader scope; the information sovereignty condition is not supported by Levine, it is supported by the convergent Section 5.4 evidence and answers, directly, the Levine evidence’s structural limitation. The framework therefore does not over-rely on Levine: the inspection-effectiveness proposition rests on Levine plus the broader resourcing evidence for the broader scope, and the information-sovereignty proposition rests on a different evidence base that does not assume the compensation-data stream is unbiased.

5.2 Intervention design

The second class of evidence concerns the relationship between regulator-level policy design and organisation-level safety outcomes. The most substantial recent body of evidence is the work of Dollard and colleagues on Psychosocial Safety Climate (PSC). Dollard, Loh and Potter (2024) examined PSC as an organisational-level determinant of working time lost and expenditure following workplace injuries and illnesses, finding that PSC is a measurable construct that predicts both. Potter, Dollard and Cefaliello (2024) extended the analysis to national policy frameworks, constructing a National Policy Index for worker mental health and demonstrating an empirical relationship between the strength of a country’s worker mental-health policy framework and enterprise-level PSC. Berglund, Kombeiz and Dollard (2024) examined a manager-driven intervention designed to improve PSC and reported measurable effects. Friebel, Potter and Dollard (2024) extended the PSC analysis to health and safety representatives’ perceptions, finding that they tracked the broader PSC pattern. Jurek, Olech and Dollard (2025) provided cross-cultural validation of the PSC-12 instrument through a Polish multisample multilevel study. Afsharian, Dollard and Crispin (2023) extended the PSC framework to musculoskeletal disorder outcomes.

PSC has been substantially validated within the Dollard tradition and across cross-cultural samples (Jurek, Olech and Dollard 2025). Independent construct-validity examination, including how PSC relates to other safety-climate constructs, is less developed, and the framework’s use of PSC evidence should be understood as dependent on the construct’s continuing empirical productivity rather than as a settled measurement standard.

The Dollard PSC literature is consistent with the framework’s contention that regulator-level policy design has measurable downstream organisational effects. The qualification is that the evidence is largely cross-sectional or longitudinal observational. The Potter, Dollard and Cefaliello National Policy Index methodology cannot rule out reverse causation (countries with better enterprise behaviour may develop better national policy frameworks) or common cause (cultural and institutional features that drive both). The intervention-design class is consistent with the regulator-design → outcome causal chain the framework articulates; it does not, on its own, demonstrate the chain. The claim here is appropriately calibrated to “consistent with” rather than “demonstrating”, but the consistency across multiple PSC studies and multiple international contexts strengthens the case.

5.3 Recommendation uptake

The third class of evidence concerns what happens to regulator and inquiry recommendations after they are issued. Sutherland, Kemp and Studdert (2014, 2016) studied the Victorian mandatory-response regime for coronial recommendations, one of the most structurally well-designed recommendation-uptake mechanisms in the Australian system. The Victorian regime requires recipients of coronial recommendations to respond formally within three months, with responses publicly accessible. Sutherland, Kemp and Studdert (2014) examined organisational responses over the first three years and found that, while most responses were provided within the legislated timeframe and signed by senior or executive management, only 44 per cent of responses contained explicit statements about whether action had been or would be taken. The remaining 56 per cent did not. Sutherland, Kemp and Studdert (2016) extended this with a content analysis of 282 recommendation-response pairs and found that ambiguity in responses was strongly associated with non-implementation.

A longer-time-horizon analogue is documented in the Royal Commission into Aboriginal Deaths in Custody (RCIADIC) recommendation-uptake literature. RCIADIC reported in 1991 with 339 recommendations covering operational, statutory, and policy reforms across multiple agencies and jurisdictions. Three decades later, the implementation record varies substantially by jurisdiction and recommendation. Several procedural reforms have been implemented widely (notably mandatory-inquest provisions for custodial deaths); many systemic-review recommendations have not been implemented at the same rate (Freckelton 2024). The pattern of procedural compliance without substantive change is consistent with the Sutherland, Kemp and Studdert finding at a different timescale, though the Indigenous-justice context adds dimensions the regulator-direction-setting argument does not engage here.

The Sutherland, Kemp and Studdert evidence demonstrates that the receiving-side of recommendation uptake produces explicit action statements in less than half of cases. This finding is consistent with multiple causal hypotheses: inadequate recommendation specification on the producing-side, inadequate translation capacity on the receiving-side, or structural mismatch between the form of regulator and inquiry outputs and the capacity of regulated entities to implement them. This counts as evidence that the regulator’s learning and policy revision function (Section 4.2) must include attention to recommendation form and translation capacity, not only to recommendation content. An important qualification is that 44 per cent is presented in the literature as a low figure, but the literature does not provide an external benchmark.

5.4 Data quality and structural bias

The fourth class of evidence is the most consequential for the framework’s information sovereignty argument. The regulator’s information architecture has historically been and largely remains, dependent on three primary streams: self-reporting by regulated organisations, in-field reports from employees, and reports from members of the public. Each stream has well-documented limitations the framework’s Section 4.4 articulation engages. Workers’ compensation claims data, where available, adds a fourth stream with its own structural features and biases. The convergent empirical finding across multiple studies in multiple jurisdictions is that each of the available streams has structural biases and that the compensation-claims and injury-statistics data on which contemporary regulator direction-setting increasingly depends is no exception.

Studies linking the US Bureau of Labor Statistics Survey of Occupational Injuries and Illnesses (SOII) to state workers’ compensation records find that SOII misses between 25 and 78 per cent of injuries reported in compensation records (Boden and Ozonoff 2008; Rosenman et al. 2006; Bureau of Labor Statistics 2014). The range reflects systematic variation rather than measurement noise: under-reporting varies by industry (construction is the most under-reported), by establishment size (large establishments in high-hazard sectors are particularly affected), by worker characteristics (Hispanic and migrant workers are disproportionately under-counted), and by injury type (acute traumatic injury is better captured than musculoskeletal disorders and chronic conditions). Wuellner, Adams and Bonauto (2016) found that under-reporting varied systematically by establishment characteristics, large construction establishments had among the highest incidence of unreported claims, partly because firms compete for contracts on injury-rate criteria, creating direct incentives to suppress reporting. The Azaroff, Levenstein and Wegman (2009) healthcare-industry study found that OSHA logs accounted for only one-third of corresponding workers’ compensation records, and that workers themselves reported only 63 per cent of serious occupational injuries. The compounded under-count from worker self-report through employer record to BLS data is severe and structurally patterned.

Tombs and Whyte (2010, 2013) extend the under-reporting critique into the question of what counts as work-related harm at all. Their analysis of UK HSE data finds that HSE fatal-injury figures understate actual work-related deaths by a factor of five to six, because the headline data covers only fatal injury and excludes deaths from occupational disease, silicosis, asbestos-related cancers, occupational cancers more broadly, and mental-health suicides (Tombs and Whyte 2013). They describe this as a “regulatory filter” that ensures only a negligible fraction of work-caused deaths attracts enforcement attention. The Tombs and Whyte work documents the consequential collapse of UK enforcement activity over the period 1999/2000 to 2009/10: HSE major-injury investigations fell 49 per cent; enforcement notices fell 29 per cent; prosecutions almost halved; local-authority inspections fell 86 per cent from 2009/10 to 2012/13 (Tombs and Whyte 2010). The implication, which the framework’s information-sovereignty argument incorporates, is that a regulator whose primary outcome data is produced by itself and by the regulated entities, with no external verification mechanism and no multi-source triangulation, can preside over substantial degradation of its own enforcement function while its headline metrics continue to record progress.

The Australian-anchored critical voice is Hopkins’s 1994 paper The Limits of Lost Time Injury Frequency Rates, which pre-dates the Tombs and Whyte work and supplies the foundational critique. Hopkins (1994) argued that LTIFRs are “entirely unsatisfactory” as safety performance measures: they are “far more sensitive to claims and injury management processes than to real changes in safety performance”; their variation at single-workplace level is statistically insignificant and “no guide to changing levels of safety”; and they “tell us nothing about how well the most serious safety hazards are being managed”. The framework’s layered causation model (Section 4.3) and information sovereignty (Section 4.4) arguments both descend from Hopkins’s 1994 articulation, and his subsequent work (2008, 2012) extends the critique into the occupational-vs-process safety distinction that the Texas City case (Section 6.2) operationalises.

Two further sources warrant engagement. Hutchinson, Dekker and Rae (2024), in Audit Masquerade, argue that audit functions can become ceremonial comfort rather than substantive treatment of safety problems, a critique that bears on the framework’s function portfolio treatment of compliance monitoring through inspection and audit. Their argument is that the audit function is performatively important to regulators and regulated entities alike, it produces documentary evidence of safety attention, conformance certifications, and assurance reports, without necessarily producing safety improvement. The audit function’s substantive value depends on its connection to the regulator’s investigation, enforcement, and learning activities; an audit function operating in isolation tends toward ceremony. The Ontario Workplace Safety and Insurance Board experience-rating-gaming literature (Hyatt and Thomason 2003) extends the data-architecture critique into the workers’ compensation insurance context: experience rating puts a price on workplace health and produces measurable employer behavioural responses, but the behaviour produced is often gaming within the rules, outsourcing of risky work to temporary work agencies, claims suppression, and return-to-work pressure that does not improve actual safety. Both sources strengthen the framework’s information-sovereignty argument by demonstrating that the regulator’s auditing and insurance-incentive mechanisms can produce documentary evidence of safety attention without substantive safety improvement.

5.5 The aggregate analytical position

The four classes of evidence support an aggregate analytical position with two parts. The first part is that regulator action does produce measurable safety outcomes when it occurs and is adequately resourced, competent, and targeted. The Levine, Toffel and Johnson natural-experiment evidence is the strongest single finding; the Norwegian Labour Inspection replication and the Dollard PSC intervention-design evidence are consistent with it. The empirical case against the radical-deregulationist contention that OHS regulation imposes only net costs on firms is, on the available evidence, substantially stronger than the radical-deregulationist case for it. The Levine, Toffel and Johnson finding of substantive injury reduction with no detectable business-performance impact is directly responsive to the cost-benefit question and answers it in favour of regulator action in the contexts studied.

The second part is that the data architecture on which most regulator direction-setting depends is systematically biased in ways the regulator itself is structurally positioned not to see. The BLS / NIOSH under-reporting literature, the Tombs and Whyte regulatory-degradation work, the Hopkins 1994 LTIFR critique, the Hutchinson, Dekker and Rae Audit Masquerade analysis, and the Ontario WSIB experience-rating-gaming evidence are convergent on this finding across multiple jurisdictions, multiple sectors, and multiple analytical traditions. The information sovereignty condition addresses this finding directly.

The two parts are not in contradiction, but their relationship requires careful articulation. The Levine, Toffel and Johnson finding is measured against workers’ compensation injury data; Section 5.4 establishes that compensation injury data systematically under-counts harm; the inspection-effectiveness finding is therefore a finding about reduction in the harm the compensation system is configured to detect rather than necessarily about reduction in actual injury frequency. The tension is real and the framework’s response is structural. The regulator’s information architecture has historically been, and largely remains, dependent on multiple imperfect streams: self-reporting, worker reports, public complaints, compensation data, coronial findings, hospital admissions, and academic-research findings. No single stream is unbiased. The framework’s information-sovereignty prescription is about the regulator’s responsibility to triangulate across the available streams rather than to rely on any one of them. Inspection effectiveness measured against compensation data is a real finding within the limits of that stream; it does not establish that inspection produces reduction in the actual harm pattern the multi-source architecture would reveal. The framework’s case is not that the Levine finding is undermined by the data-architecture critique but that the Levine finding’s interpretation depends on the multi-source architecture the framework prescribes.

Regulator action works when it occurs and is measurable against the harm patterns the available data streams capture; the data architecture obscures parts of the actual harm pattern the regulator is acting upon; the framework’s contribution is to hold both claims at the same time and to prescribe the multi-source triangulation that resolves their apparent tension. The four classes of empirical evidence and their relationship to the framework components are summarised in Table 3.

Table 3

Empirical evidence summary across four classes

5.6 The deregulationist and public-choice counter-positions

The analytical case for explicit five-component regulator design depends on engaging the principal counter-positions substantively rather than dismissing them. Two related but analytically distinct traditions warrant separate engagement: the deregulationist position from the regulatory-economics literature, and the public-choice critique from the constitutional-political-economy tradition. The two are often conflated but the analytical content differs: the deregulationist position is principally concerned with the cost-benefit of regulation against firm-level and aggregate-welfare outcomes; the public-choice position is principally concerned with the structural-incentive problem of regulator behaviour against the public interest the regulator is constituted to advance. The framework must engage both.

The Stigler-Posner regulatory-capture critique.

Stigler’s 1971 paper The Theory of Economic Regulation developed the proposition that “as a rule, regulation is acquired by the industry and is designed and operated primarily for its benefit” (Stigler 1971: 3). The proposition is not that regulator personnel are corrupt; it is that the structure of political costs and benefits, applied to a regulatory agency over time, systematically produces regulation that advances the interests of the regulated industry against the interests of consumers, workers, and the public. Posner’s 1974 paper Theories of Economic Regulation developed the analytical taxonomy further: regulation that began as a response to a public-interest problem can be progressively reshaped by the better-organised, longer-time-horizon interests of the regulated industry, and the political-economy mechanism producing this outcome is structural rather than agent-specific. The Stigler-Posner critique poses a substantive challenge to the regulatory-design tradition the framework sits within: it argues that any regulator design, however well-articulated normatively, is vulnerable to progressive capture by the regulated industry over time. The framework’s response, developed below, is that the critique is partially valid as a description of risk and is wholly compatible with the framework’s design prescriptions, capture is a vulnerability to be designed against rather than an inevitability that defeats regulator design.

The empirical applicability of the Stigler-Posner critique to occupational safety regulation specifically is mixed. The classical capture cases in the Stigler and Posner literature are industries with concentrated producer interests, fragmented consumer interests, and economic-regulation (price, entry, output) rather than social-regulation (health, safety, environment) regulatory functions, railroads, trucking, broadcasting, banking. Occupational safety regulation differs structurally: the workers whose interests the regulator is constituted to protect are an organised counter-interest to the producer interest, and the regulator’s relationship to industry is mediated by union and worker-representation institutions the classical Stigler-Posner cases do not feature. The classical capture mechanism is therefore weakened in OHS regulation (relative to the classical cases) by the presence of a structured counter-interest, but is not eliminated, the union-density decline across most OECD economies over the past four decades has reduced the strength of the structured counter-interest, and the empirical record of post-2000 OHS regulator-degradation (Section 5.4) is consistent with a partial-capture interpretation in which the producer interest’s relative bargaining position has strengthened. The framework treats partial capture as a real structural risk that the four established structural conditions (independence; technical competence; resourcing; legitimacy and accountability) and the novel fifth (information sovereignty) are designed against.

The Buchanan-Tullock constitutional-public-choice critique.

Buchanan and Tullock’s 1962 The Calculus of Consentdeveloped a more general analytical apparatus that does not require the Stigler-Posner capture mechanism. The argument is that political and bureaucratic actors are best modelled as self-interested utility-maximisers operating against the constraints of their institutional environment, and that the resulting rent-seeking behaviour, the diversion of resources from productive activity to the capture of political and regulatory rents, produces welfare losses the public-interest framing of regulation does not register. The Buchanan-Tullock critique poses a challenge of a different kind from the Stigler-Posner critique: it is not that the regulator is captured by the regulated, but that the regulator itself has incentives to expand its mandate, budget, and scope independently of public-interest justification. The framework’s response is structural rather than dismissive. The structural conditions component (Section 4.4), specifically the legitimacy-and-accountability condition operationalised through the OECD seven principles, is designed to constrain mandate expansion through transparency and external scrutiny. The expanded purpose clause proposed in Section 4.1 is itself subject to the Buchanan-Tullock challenge, it could be characterised as mandate expansion without public-interest justification, and the framework’s response is the doctrinal grounding in ILO Convention 155 and the US OSH Act, which establishes that the proposed expansion consolidates existing scope rather than introducing new scope and is therefore not vulnerable to the Buchanan-Tullock rent-seeking characterisation. The Buchanan-Tullock challenge remains analytically relevant against the framework’s other components, and the framework’s design response is to insist on transparency, scrutiny, and external verification at every component, these are responsive to the public-choice concern even where they do not adopt the position’s normative conclusions.

The Carpenter-Moss capture-prevention framework.

Carpenter and Moss’s 2014 Preventing Regulatory Capture: Special Interest Influence and How to Limit It represents the contemporary analytical maturation of the capture literature. The volume develops three substantive moves consequential for the framework here. First, it tightens the analytical definition of capture: capture is the systematic redirection of regulator action away from the public interest the regulator is constituted to advance and toward the private interest of regulated entities, a definition that distinguishes capture from mere influence and from the cooperative behaviour required for any regulator’s effective operation. Second, it identifies the structural conditions under which capture is most likely to occur: information asymmetry between regulator and regulated, weak public-interest counter-mobilisation, professional and personnel exchange between regulator and regulated entities, and inadequate transparency in regulator decision-making. Third, it proposes design responses: structured public-interest mobilisation, professional separation, transparency requirements, and adversarial-information mechanisms. The framework’s five structural conditions are direct operationalisations of the Carpenter-Moss design responses in the work-safety domain. The independence condition addresses professional separation and revolving-door risk; technical competence addresses the information-asymmetry mechanism; adequate resourcing addresses the under-resourced-regulator vulnerability; legitimacy and accountability addresses the transparency requirement; and the novel information-sovereignty condition addresses the adversarial-information mechanism specifically, the regulator’s capacity to interrogate the streams it depends on is, on the Carpenter-Moss analytical lens, the regulator’s capacity to resist the information-asymmetry mechanism through which capture operates. The framework can be characterised as the work-safety-specific operationalisation of the Carpenter-Moss capture-prevention design programme, with information sovereignty added as a fifth structural condition the Carpenter-Moss framework’s broader engagement with information asymmetry supports but does not name.

The responsible-deregulationist position and Hampton-Löfstedt.

Distinct from both the Stigler-Posner-Carpenter-Moss capture tradition and the Buchanan-Tullock rent-seeking tradition is the operational responsible-deregulationist position represented by Hampton (2005) and Löfstedt (2011). The position is not capture-theoretic and is not rent-seeking-theoretic; it is operational. The proposition is that the existing regulatory framework imposes net costs on firms in excess of the social benefits it produces, that the cost-benefit calculation for expansion is not adequately documented, and that the regulatory burden is itself a structural feature requiring containment. Hampton and Löfstedt distinguish rolling back substantive protection (which the responsible variants do not advocate) from reducing the procedural and administrative burden of regulation (which they do advocate), and recommend consolidation, simplification, and risk-based proportionality rather than substantive rollback. The engagement here is therefore with the responsible variant, not with the radical-deregulationist position that the empirical evidence (Levine, Toffel and Johnson 2012; Johnson, Levine and Toffel 2023) already rules against.

The contemporary literature contains a substantive argument (notably Tombs and Whyte 2010) that the responsible-deregulationist framing has, in operational consequence, been used to justify reduced enforcement coverage rather than better-targeted enforcement, and that the regulator-degradation evidence in Section 5.4 is in part attributable to the Hampton and Löfstedt framing being operationalised under fiscal pressure. This consequence-of-framing argument is a real concern that bears on how the responsible variant should be evaluated against its operational consequences rather than only against its stated intent. The response offered here is that the consequence-of-framing concern strengthens rather than weakens the case for explicit attention to the five components: a framework that does not specify what the regulator must be doing risks operational reduction to whatever the prevailing fiscal climate permits.

Three of the framework’s components are responsive to the responsible-deregulationist concern even where the framework does not embrace the position. The function portfolio component (Section 4.2) treats information, education, and advice as activities distinct from enforcement, recognising that the regulator’s effectiveness depends on duty-holder capability as well as on inspection coverage. The structural conditions component’s recognition of resourcing as constitutive (Section 4.4) is responsive to the deregulationist observation that under-resourced symbolic regulation imposes burden without producing safety improvement. The wider prevention ecosystem component (Section 4.5) treats workers’ compensation insurers, industry standards-setting bodies, and the coronial system as part of the prevention architecture rather than as competitors to the regulator.

This paper does not embrace the deregulationist position as primary, for three reasons. First, the empirical record on regulator effectiveness, under the qualifications set out at Section 5.1, does not support the radical-deregulationist contention that OHS regulation imposes net costs on firms. Second, the contemporary harm pattern includes harm types, psychosocial harm, gig and platform-work harm, climate-driven occupational exposure, supply-chain harm, that the deregulationist position does not adequately engage. The expanded purpose clause proposed in Section 4.1 is responsive to a harm pattern the deregulationist tradition’s preference for proceduralism cannot reach. Third, the deregulationist tradition’s structural blindness is the same blindness the information sovereignty condition identifies: a regulator that accepts the under-reporting, structural-bias, and gaming-vulnerability of its data architecture without critical interrogation cannot defend the burden-on-business judgement the deregulationist position requires it to make. The deregulationist position presupposes a regulator that has the information-architecture capacity to make defensible cost-benefit judgements; the empirical evidence suggests that most regulators do not.

Engagement with the public-choice and deregulationist traditions is therefore one of substantive partial accommodation rather than wholesale dismissal. The Stigler-Posner capture critique identifies a real structural risk the framework’s five conditions are designed against; the Buchanan-Tullock rent-seeking critique identifies a real constraint on mandate expansion the framework’s doctrinal grounding and transparency requirements respond to; the Carpenter-Moss capture-prevention programme is, on the analytical reading offered here, what the framework operationalises in the work-safety domain. The responsible-deregulationist concern with under-defended cost-benefit judgements is taken seriously: under conditions of demonstrably limited regulator resourcing and demonstrably limited information sovereignty, the regulator’s cost-benefit judgements about adding regulatory burden cannot be defended on the data architecture currently available, and the prudent default should be caution about expanding the regulator’s purpose, function portfolio, and operational scope without commensurate investment in the structural conditions the framework articulates. The framework’s recommendations are accordingly addressed to a regulator that already operates under the conditions of limited information sovereignty the deregulationist argument identifies. These conditions are themselves the problem, not the basis for regulatory restraint. The alternative of accepting limited information sovereignty as the prevailing condition produces the documented failure patterns of Section 6 rather than producing prudent restraint. The multi-source triangulation prescription set out in Section 4.4 is the framework’s positive response: the regulator that triangulates across multiple streams can defend better-grounded cost-benefit judgements than the regulator that relies on any single stream. The framework’s recommendations should be understood as recommendations to build the multi-source architecture the responsible variant of the deregulationist concern correctly identifies as currently lacking, not as recommendations to expand regulatory burden in the absence of that architecture.

5.7 Limitations of the empirical evidence base

The empirical evidence engaged across the four classes is geographically and culturally concentrated, and warrants explicit acknowledgement at the section level. The inspection-effectiveness anchor is US Cal/OSHA. The critical-degradation evidence is UK HSE. The contemporary inspector-practice shift evidence is Danish, Norwegian, and Swedish. The intervention-design evidence (Dollard and colleagues) is Australian-led with cross-cultural validation in Polish, Chinese, and selected other contexts (Jurek, Olech and Dollard 2025). The recommendation-uptake evidence is Victorian Australian, with the RCIADIC engagement (Freckelton 2024) Australian-jurisdictional. The data-quality literature is dominated by US BLS / NIOSH research, by the UK Tombs and Whyte critical-criminological tradition, and by Hopkins’s Australian-anchored 1994 LTI-rate critique.

The evidence base is dominated by what may be called the Anglo-Australian-American regulatory-research tradition, supplemented by Scandinavian empirical work on contemporary inspector practice. East Asian regulatory-research traditions (Japanese, Singaporean, Chinese, South Korean), Latin American regulatory-research traditions (beyond the Brumadinho case-study engagement in Section 6.3), African and Middle Eastern regulatory-research contexts, and the postcolonial critique of OHS regulatory-research framework export are under-represented in the international peer-reviewed literature this section engages. The under-representation reflects three structural features of the field: the English-language peer-reviewed journal architecture in which the regulatory-research literature is dominantly published; the institutional-data-access asymmetries between Anglo-American and other regulatory contexts that constrain natural-experiment and quasi-experimental research designs; and the methodological dominance of Anglo-American regulatory-economics traditions in the inspection-effectiveness sub-field specifically.

The empirical claims here are conditioned on the cultural assumptions of the evidence base. The inspection-effectiveness contention is established for Cal/OSHA-style and Norwegian-style regulatory regimes; transferability to East Asian directive-mode regulation (such as Singapore’s WSH Act 2006 architecture), to civil-law European systems with different data-architecture configurations, or to developing-economy regulatory contexts is not established by the evidence engaged here. The data-architecture critique is established for compensation-based and self-reporting-based data systems characteristic of the Anglo-American tradition; transferability to social-insurance European systems or to state-administered Asian systems is not established. The intervention-design evidence (PSC) has cross-cultural validation but the validation is partial. The cross-cultural extension required to test the framework’s transferability is identified as further research in Section 7.4. The empirical case should be read as conditioned on the Anglo-Australian-American regulatory-research tradition rather than as a claim about regulator effectiveness across all regulatory traditions globally; the conditioning does not invalidate the component claims at the level of the contexts engaged but identifies the boundary of the evidence base and the work required to extend the framework beyond it.

6. Illustrating the framework through major-accident cases

Section 4’s framework articulates a set of normative claims about advanced-economy major-hazard regulator design. This section illustrates those claims through four major-accident cases, the Esso Longford gas plant explosion (1998), the BP Texas City refinery explosion (2005), the Brumadinho tailings dam collapse (2019), and the Grosvenor coal mine explosion (2020). Each case is chosen because it bears directly on one component of the framework: Longford on purposeand function portfolio; Texas City on the layered causation model and the occupational-vs-process safety distinction; Brumadinho on the wider prevention ecosystem; Grosvenor on the five structural conditions, including the novel information-sovereignty component.

The status of this section is illustrative, not predictive. The cases were chosen with knowledge of the framework’s analytical structure, and the framework was constructed in dialogue with the cases. The cases therefore exemplify the analytical patterns the framework identifies rather than testing the framework predictively, and the consistency of the cases with the framework is not evidence that the framework would predict the same patterns in cases not used in its construction. A rigorous predictive test would run the framework against unseen cases, Pike River 2010, Grenfell Tower 2017, Lac-Mégantic 2013, Hazelwood mine fire 2014, Upper Big Branch 2010, and against cases of substantial regulator success rather than only of failure. Both are identified as further research in Section 7.4. The evidentiary basis of this paper is doctrinal (Section 4.1), theoretical (Section 3 and Section 4.4), and illustrative (this section); it is not empirically-predictive. Readers seeking empirical validation of the framework’s predictive claims should look to that further-research programme rather than to the illustrative material below.

The four illustrative cases share two further limitations. They are concentrated in the major-hazard sectors (petroleum process, refining, mining) where the Hopkins occupational-vs-process safety distinction is most pertinent, consistent with the paper’s scope restriction to advanced-economy major-hazard regulation; application to low-hazard sectors would require a different empirical base. They span 1998 to 2020, a 22-year window not representative of the longer historical arc of regulator practice. Earlier cases (Bhopal 1984; Three Mile Island 1979; Piper Alpha 1988; Westray 1992) would illustrate the framework’s components against regulator practice of different eras.

Each case is anchored on a primary non-Hopkins source, the Dawson Royal Commission Report for Longford, the US Chemical Safety and Hazard Investigation Board final report for Texas City, the official ICMM position on the Global Industry Standard alongside the Hopkins-Kemp critique for Brumadinho, and the Martin Board of Inquiry Final Report for Grosvenor, with Hopkins’s analytical contributions engaged as extensions of those primary sources. The case studies are engaged with the inquiry-contingency caveat set out in Section 4.5: Royal Commission and Board of Inquiry outputs are structurally contingent products rather than authoritative findings of fact, shaped by terms of reference, funding levels, sitting periods, scope boundaries, and the political climate of the inquiry. The case studies engage the Dawson, CSB, ICMM, and Martin records as the most analytically substantive available evidence on each incident while acknowledging that those records are themselves contingent products. Where the inquiry record is silent or constrained, the section flags the silence rather than projecting an analysis into it. The silences are most consequential in Section 6.3, where the Brazilian regulator’s role is not analysed by the Global Tailings Review, and in Section 6.1, where the Dawson Commission’s terms of reference focused on operational and management-system failure rather than the broader regulatory political-economy context.

6.1 Longford 1998, illustrating the purpose and function portfolio components

On 25 September 1998, a heat exchanger at the Esso Gas Plant 1 at Longford, Victoria, fractured and released hydrocarbon vapour, causing explosions and a fire (Dawson, Brooks and Ewer 1999, paragraph 1.3). Two Esso employees, Peter Wilson and John Lowery, were killed; eight others were injured; gas supply to most of Victoria was disrupted for approximately three weeks. The Victorian Royal Commission, established by letters patent dated 20 October 1998 and chaired by retired High Court Justice Daryl Dawson with Commissioners Brian Brooks and Peter Ewer, reported on 28 June 1999.

The Dawson Royal Commission’s findings were structured around five main conclusions (Dawson, Brooks and Ewer 1999). First, the ultimate cause was Esso’s failure to equip its employees with appropriate knowledge to deal with the events that occurred. Second, this amounted to a failure to provide and maintain so far as practicable a working environment that was safe and without risks to health, a breach of section 21 of the Victorian Occupational Health and Safety Act 1985. Third, the absence of a hazard and operability analysis for Gas Plant 1, as required by Esso’s own Operations Integrity Management System (OIMS), was a major contributor: had the HAZOP been conducted, operators and supervisors would not have remained ignorant of the hazards associated with the loss of lean-oil flow that triggered the cascade. Fourth, the OIMS itself was characterised as “repetitive, circular, and impenetrable”, and important components of Esso’s management system were either defective or not implemented. Fifth, the Victorian government had failed to enact legislation requiring Esso to complete a safety report identifying the relevant hazards of the plant in line with national safety standards. The Commission recommended that a new government authority be formed to administer safety audits for all major-hazard facilities in Victoria.

The Royal Commission’s framing emphasises operational and management-system failure at Esso, breach of the Victorian Act’s section 21 duty, and a legislative gap on the regulator side. Hopkins’s Lessons from Longford (2000), drawing on his role as expert witness, extends this in two analytically consequential ways. Hopkins identifies Esso’s safety-culture focus on lost-time injury rates, and the corresponding inattention to process-safety precursor, as the deeper structural cause the Commission’s operational findings did not fully name. Hopkins also identifies the relocation of plant engineers from Longford to Melbourne in the years before the incident as an unmanaged management-of-change decision the Commission noted but did not analyse at length. Hopkins’s interpretive extension is additional to, not a finding of, the Royal Commission record. Subsequent process-safety scholarship has tended to follow the Hopkins reframing, but the Royal Commission’s own findings stand independently.

The legislative response was substantial. The Victorian Occupational Health and Safety (Major Hazard Facilities) Regulations 2000 introduced a safety-case regime for facilities holding significant inventories of hazardous materials, requiring operators to demonstrate that risks were controlled to ALARP and that the regulator could competently assess that demonstration. The MHF regime, initially Victorian, subsequently mirrored across the harmonised WHS jurisdictions, operationalised the layered causation model implicitly: it required operators to engage organisational and sociotechnical reasoning rather than relying on Heinrich-derived metrics, and it required the regulator to develop the technical competence to engage with that analysis.

The Longford case is consistent with the framework’s purpose component in two ways. The Royal Commission’s explicit finding that the Victorian government had failed to enact major-hazard-facility safety-report legislation identifies a gap in the regulator’s statutory purpose: the pre-Longford Victorian framework did not require operators to demonstrate process-safety risk control on terms the regulator could assess. The framework’s contention that the regulator’s statutory purpose must reach beyond acute occupational injury to include process-safety risk is supported by the Commission’s own framing of the legislative gap. The case is consistent with the framework’s function portfolio component in three ways. The recommendation for a specialist safety-audit authority identifies the need for the standards-setting and rule-makingand authorisation, licensing and approvals activities to be developed as distinct functions, not collapsed into general compliance monitoring. Hopkins’s analytical extension on Esso’s safety-culture focus on LTI rate identifies the need for the data architecture activity, a regulator that does not interrogate operator measurement regimes cannot detect the misdirection the LTI rate produces. The Commission’s findings on OIMS implementation failure identify the need for the investigation activity to be developed as distinct from compliance monitoring.

6.2 Texas City 2005, illustrating the layered causation model and the LTI critique

On 23 March 2005, the isomerization unit at BP’s Texas City Refinery in Texas, USA, exploded during start-up. Fifteen workers in temporary trailers near the unit were killed; more than 180 were injured. The US Chemical Safety and Hazard Investigation Board (2007) conducted a two-year investigation and produced a final report whose findings have become the canonical record of the incident.

The CSB Final Investigation Report framed its findings at two levels. At BP’s level, the CSB found “organizational and safety deficiencies at all levels of the BP Corporation”, and specifically that “a very low personal injury rate at Texas City gave BP a misleading indicator [of] process safety performance” while the overall safety culture and process-safety management programme had serious deficiencies. The CSB found that BP did not conduct management-of-change reviews for budget cuts, staff reductions, and organisational changes that impaired process safety. At OSHA’s level, the CSB’s findings are directly consequential for the framework’s information-sovereignty argument. The CSB found that “OSHA enforcement at the BP Texas City refinery was also examined. In the years prior to the incident OSHA conducted several inspections, primarily in response to fatalities at the refinery, but did not identify the likelihood for a catastrophic incident, nor did OSHA prioritize planned inspections of the refinery to enforce process safety regulations, despite warning signs.” The CSB’s most direct statement of the systemic regulatory failure was: “OSHA’s national focus on inspecting facilities with high personnel injury rates, while important, has resulted in reduced attention to preventing less frequent, but catastrophic, process safety incidents such as the one at Texas City. OSHA’s capability to inspect highly hazardous facilities and to enforce process safety regulations is insufficient; very few comprehensive process safety inspections were conducted prior the ISOM incident and only a limited number of OSHA inspectors have the specialized training and experience needed to perform these complex examinations.”

The CSB issued 26 safety recommendations to nine entities. Twenty years after the incident, the CSB’s investigation digest (United States Chemical Safety and Hazard Investigation Board 2025) records that 25 of the 26 recommendations have been successfully closed through implementation across BP, the chemical industry more broadly, and standards-setting bodies. The one recommendation that remains open is directed at OSHA: a recommendation that OSHA revise its Process Safety Management standard to require a management-of-change review for organisational changes that may impact process safety. The unimplemented recommendation is consequential for the framework’s argument: it addresses the structural deficiency the CSB identified, and it has remained open for two decades despite all other recommendations being implemented. The information-sovereignty contention is supported by this implementation record: the chemical industry has implemented the operational reforms the CSB recommended, but the regulator’s structural reform (revising the PSM standard to capture organisational change) has not.

The Baker Panel (Baker et al. 2007), commissioned by BP and chaired by former US Secretary of State James Baker, reached substantively convergent conclusions. The Baker Panel’s specific framing, that BP had no leading-indicator regime for process safety equivalent to its lagging occupational-safety indicators, directly informs the framework’s layered-causation-model component. Hopkins’s Failure to Learn (2008), drawing on both the CSB and Baker Panel findings, extends this with the comparative claim that the BP Texas City incident reproduced structural failures that Longford had also exhibited, and that BP and the industry had “failed to learn” the lessons of earlier incidents. Hopkins’s analytical extension is consistent with the CSB and Baker findings but additional to them.

The Texas City case is consistent with the framework’s layered causation model component in three ways. The case empirically demonstrates the operational consequence of using a single causation paradigm (Heinrich-derived behavioural; LTI rate) as the primary regulator metric: the metric registered what was frequent (low-consequence occupational incidents) rather than what was consequential (catastrophic process-safety risk), and the result was fifteen deaths. The case demonstrates that the regulator’s data architecture and its underlying causation paradigm are mutually reinforcing: the CSB’s finding that OSHA’s national targeting framework directed attention toward facilities with high personnel-injury rates and away from facilities with low injury rates but high process-safety risk is a direct empirical demonstration of the data-architecture / causation-paradigm interaction the framework articulates. On the framework’s analytical view, if OSHA’s metric suite had included process-safety leading indicators alongside the Heinrich-derived occupational metrics, the Texas City risk profile would have been visible before the explosion. This is a counter-factual proposition rather than a Baker or CSB finding; the CSB’s recommendations effectively endorse it by recommending that OSHA strengthen comprehensive PSM enforcement using “available indicators of process safety performance”.

6.3 Brumadinho 2019, illustrating the wider prevention ecosystem component

On 25 January 2019, the tailings dam at Vale’s Córrego do Feijão iron ore mine near Brumadinho, Minas Gerais, Brazil, failed catastrophically. The liquefied mining waste suffocated workers within seconds; the total fatality count reached approximately 270 people, the majority of whom were mineworkers eating lunch in the on-site canteen. The disaster triggered the Global Tailings Review, a multi-stakeholder process co-convened by the International Council on Mining and Metals (ICMM), the United Nations Environment Programme (UNEP), and the Principles for Responsible Investment (PRI).

The official ICMM position on the resulting Global Industry Standard on Tailings Management (International Council on Mining and Metals 2020) frames the Standard as embodying “a step-change in terms of transparency, accountability and safeguarding the rights of project affected people” and characterises the underlying philosophy as one of “zero harm to people and the environment with zero tolerance for human fatality”. ICMM’s member companies have committed to bring all “extreme” or “very high” potential consequence tailings facilities into conformance by 5 August 2023, and other facilities not in safe closure by 5 August 2025. A companion Tailings Management Good Practice Guide and Conformance Protocols were released on 6 May 2021; the Good Practice Guide was updated in February 2025. The Standard, on ICMM’s account, represents a substantive industry response to Brumadinho and to the earlier Samarco (2015) and Mount Polley (2014) failures.

Hopkins and Kemp (2021), as two of the seven independent experts on the writing panel, provide a critical insider account that complicates the official ICMM framing in analytically important ways. Their account documents the process by which the Standard’s text was constrained by what they characterise as ICMM “red line” vetoes: the Standard did not ban the upstream tailings dam construction method (the method used at Brumadinho), did not ban riverine and deep-sea tailings disposal, did not adopt a consequence-classification approach that recognises the expected loss of a single life as triggering extreme-event design standards, and did not include adequate provisions for chronic-impact monitoring or for financial assurance for catastrophic dam failure. The Hopkins-Kemp account also documents ICMM’s institutional position: ICMM “consistently argued that its views should take precedence” over those of PRI and UNEP and “backed this up throughout the development of the Standard with an implied threat that it would bring the process to a halt if its fundamental interests were disregarded”. The civil-society Safety First Guidelines (June 2020, drafted by an alliance of approximately 150 civil-society organisations) addressed several of the gaps the Hopkins-Kemp account identifies, but the Hopkins-Kemp characterisation is that the Global Tailings Review co-convenors did not engage with the Safety Firstalternative. ICMM’s published position does not engage the Hopkins-Kemp critique directly; the contrast between the ICMM “step-change” characterisation and the Hopkins-Kemp documented constraints is analytically consequential rather than reconciled in any published source.

The Brumadinho case bears on the framework’s wider prevention ecosystem component in three ways. The case demonstrates that voluntary multi-stakeholder standards-setting, even when convened by reputable international institutions and undertaken in the immediate aftermath of catastrophic failure, is structurally constrained by the most powerful stakeholder. This is a distinct phenomenon from statutory-regulator capture in the Stigler / Carpenter tradition: there, the captured entity is a regulator with statutory enforcement authority; here, the constrained entity is a voluntary standards-setting body without enforcement authority operating under explicit multi-stakeholder governance. These are related but separate concerns. The case demonstrates that the ecosystem of standards-setting bodies, international institutions, civil-society organisations, and statutory regulators is structurally interdependent: the Global Tailings Review was constituted because no statutory regulator had global jurisdiction over the tailings-management problem, and the Review’s outputs are being progressively incorporated into national regulatory frameworks (the Bills Review of NSW mine safety legislation in October 2020 recommended that the NSW Resources Regulator reference the Standard in guidance). The contention, voluntary industry-co-produced standards can supplement but cannot replace independent regulator-set requirements, is supported by the structural-vulnerability evidence even though the Standard itself represents a substantive improvement over the pre-Review status quo.

The Brumadinho sub-section has acknowledged limits as a framework illustration, and these limits are made explicit here in view of the partial-record nature of the available evidence base. First, the Brazilian regulatory context, Vale’s compliance history, the role of Brazil’s National Mining Agency (ANM, established 2017) and its predecessor the National Department of Mineral Production (DNPM), and the broader Brazilian political-economy context that contributed to the underlying tailings-dam failure, is not analysed here. The paper’s scope restriction to advanced-economy major-hazard regulation is the binding constraint: the Brazilian statutory regulator’s pre-Brumadinho practice falls outside that scope, and substantive engagement with it is left to further research. The framework’s prevention-ecosystem component requires engagement with both the statutory regulator’s role and the standards-setting role; this sub-section engages only the latter, and the illustrative use of the case is therefore restricted to the framework’s standards-setting / ecosystem-interaction propositions and does not extend to its statutory-regulator propositions. Second, the published evidence base on the Global Tailings Review process is structurally partial: the Hopkins-Kemp (2021) account is the most analytically substantive published critical treatment, written by two of the seven independent experts on the writing panel; ICMM’s official position (2020) is the operator-side counter-account; the UNEP and PRI internal perspectives have not been independently published; and no independent academic analysis published after Hopkins and Kemp that engages the “red line” veto pattern at comparable depth is available in the present evidence base. The illustration relies disproportionately on Hopkins-Kemp as the critical voice, a reliance that is consistent with the paper’s Hopkins-anchored framing but that the section flags as a partial-record limitation rather than as a balanced treatment. A future treatment with access to the UNEP or PRI internal perspectives, or to independent academic analysis published after Hopkins and Kemp, would substantially strengthen the illustration. Third, the Standard’s effectiveness in preventing future tailings failures is not yet empirically established, so the case bears on the structural-vulnerability proposition (voluntary standards-setting is constrained by the most powerful stakeholder) rather than on the effectiveness proposition (the Standard succeeds or fails at preventing future failures). The structural-vulnerability proposition is the more defensible of the two given the partial-record evidence base.

6.4 Grosvenor 2020, illustrating the five structural conditions including information sovereignty

On 6 May 2020, an explosion at Anglo American’s Grosvenor underground coal mine in central Queensland severely burned five mineworkers. The miners survived; the incident was a near-fatal event with manifestly catastrophic potential. The Queensland Coal Mining Board of Inquiry, chaired by retired District Court Judge Terry Martin SC, was established by gazette notice on 22 May 2020 to investigate the Grosvenor explosion and 40 high-potential incidents involving methane exceedances at Queensland underground coal mines between 1 July 2019 and 5 May 2020. Hopkins was originally appointed as a member of the Board of Inquiry but subsequently withdrew. The Board’s final report was published in two parts: Part I (30 November 2020, 25 recommendations) and Part II (31 May 2021, 40 recommendations), making 65 recommendations in total (Martin 2021).

The Martin Inquiry’s findings on production-pressure / safety tension are central to the framework’s argument and stated as findings of fact rather than analytical inferences. The Inquiry found that mining operations at Grosvenor “were repeatedly conducted in a manner whereby the gas emissions being generated by the rate of production were in excess of the capacity of the mine’s gas drainage system”, and that “coal mine workers were repeatedly subject to an unacceptable level of risk through the operations being conducted in this manner” (Martin 2021). Spontaneous combustion was identified as the probable proximate cause of the 6 May 2020 serious accident. The Inquiry’s thematic findings included “the competing priorities of coal production rates and worker safety”, “the impact of production and safety bonuses and incentives on worker safety”, and “the safety implications of the use of labour hire”. The Inquiry distributed its 65 recommendations across industry (30 recommendations, including 3 specifically for Grosvenor mine), Resources Safety and Health Queensland (30 recommendations), the Coal Mining Safety and Health Advisory Committee (3 recommendations), and the Mining and Energy Union (2 recommendations). RSHQ accepted all 30 recommendations directed at it. Hopkins’s Sacrificing Safety (2022), drawing on the Inquiry record, extends the Inquiry’s findings into the more general claim that production-incentive structures corrupt engineering judgement at the boundary of acceptable risk, a claim consistent with but additional to the Inquiry’s case-specific findings.

The Grosvenor case bears on the framework’s five structural conditions component in two analytically distinct ways. The four established conditions, independence, technical competence, adequate resourcing, and legitimacy with accountability, are each visible in the case as a context of failure. The pre-Brady, pre-Grosvenor Queensland mining regulator operated within a state government structure that was also responsible for promoting mining-industry development; the structural-independence question, latent in the Brady Review’s 2019 critique, was made explicit by the post-Brady reorganisation that established Resources Safety and Health Queensland as a separate statutory entity in 2020. Technical competence was uneven, particularly in engaging operators on serious-hazard management, a Brady finding the Inquiry’s recommendations on inspector qualifications directly addressed. Resourcing constraints had limited the inspectorate’s proactive engagement, a concern visible in both Brady and the Inquiry. Legitimacy concerns had accumulated through the documented fatality cycle Brady traced. None of the four conditions was uniquely deficient in a way the framework would predict for that specific condition; all four were operating at levels Brady had already identified as inadequate, and the Inquiry extended Brady’s documentation.

The information-sovereignty condition, the framework’s novel structural addition, bears on the case in a distinct and more direct way. The Inquiry found that at three of the mines examined (Oaky North, Moranbah North, Grasstree) and at the corporate levels above them, “operational practices and management systems … were generally adequate and effective to achieve compliance with the relevant safety laws and standards in respect of methane exceedances”, but that “the potential consequence of the methane exceedances was not properly identified at any of the mines, in that there was a failure to recognise that each had the potential to result in an outcome with a level 4 or 5 consequence rating” (Martin 2021, Finding 4). This is a finding about the operator data architecture. But the Inquiry’s broader documentation establishes that the regulator’s monitoring of methane-exceedance incidents was data-driven from operator self-reports, that the regulator’s incident-classification system was inherited and procedural rather than risk-based, and that the regulator’s data architecture had not been configured to integrate production-rate data with methane-exceedance frequency in a way that would have surfaced the production-pressure pattern at Grosvenor before the explosion. The information-sovereignty contention is supported with the qualification that the Inquiry’s findings on the regulator’s data architecture are more implicit than explicit, the Inquiry’s recommendations on RSHQ’s data systems (including the High Potential Incident Frequency Rate framework recommended by Brady and operationalised post-Grosvenor) directly address the gap the framework identifies, but the Inquiry did not characterise the gap in the framework’s specific terms.

The Brady-Grosvenor implementation-lag relationship strengthens the analytical argument. The Brady Review was released in 2019, with eleven recommendations including four directed at the regulator. The Grosvenor explosion occurred in May 2020, approximately fifteen months after Brady’s release and during the active implementation period. On the information-sovereignty argument, data-architecture problems persist through implementation periods, that even when the regulator knows what it needs to do (per Brady), the data architecture for doing it is not in place quickly enough to prevent precursor incidents. The Grosvenor explosion during the post-Brady implementation period is empirically consistent: the regulator had identified the information-architecture gap, had accepted the recommendations to address it, but had not yet operationalised the data systems that would have surfaced the production-pressure pattern at Grosvenor. The contention that information sovereignty is a constitutive structural condition, that its absence cannot be compensated for by activity on the other four conditions, is supported by this implementation-lag evidence.

Anglo American’s position warrants brief engagement. The company accepted the Inquiry’s specific findings on the Grosvenor operational record and implemented operational and management changes in response. The company has not, in its public submissions, accepted the broader Hopkins (2022) characterisation that its production-incentive structures systematically corrupted engineering judgement. The argument here does not require the Hopkins characterisation in full: even on Anglo American’s narrower acceptance, the production-pressure / safety-margin tension the Inquiry documented is a structural feature of the operation rather than an episodic operational error. The information-sovereignty argument is robust against the narrower acceptance.

Grosvenor is the framework’s most direct test of the novel information-sovereignty condition. The four established structural conditions are each visible in the case as a context of failure; the fifth (information sovereignty) is visible specifically as a gap: a regulator that has been told (by Brady) what to do, has accepted the recommendations, but has not yet operationalised the data systems required to do it, is structurally vulnerable to the very incident the recommendations were designed to prevent. The contention that information sovereignty is a constitutive structural condition is supported by this case more directly than by the other three.

Synthesis – What the four cases illustrate and where the illustration stops

The four cases jointly illustrate the five-component framework. Longford bears on purpose and function portfolio: the pre-Longford Victorian regulatory framework had a statutory gap the Royal Commission identified explicitly, and a function portfolio that had not developed the technical and investigative capability the Royal Commission’s recommendations subsequently required. Texas City bears on the layered causation model: the CSB found that OSHA’s national targeting framework directed regulatory attention toward high-injury-rate facilities and away from process-safety risk, with the unimplemented OSHA management-of-change recommendation standing as a continuing structural deficiency twenty years on. Brumadinho bears on the wider prevention ecosystem: the contrast between ICMM’s “step-change” characterisation and the Hopkins-Kemp documented “red line” vetoes illustrates that voluntary industry-co-produced standards-setting is structurally constrained by the most powerful stakeholder, and is therefore not a substitute for statutory regulation. Grosvenor bears on the five structural conditions, including the novel information-sovereignty addition: the Brady-Grosvenor implementation-lag relationship illustrates that information-architecture problems persist through implementation periods, and that the regulator’s acceptance of recommendations does not prevent the precursor conditions of catastrophic incident before the recommendations are operationalised.

The four cases are consistent with the framework, they exemplify the patterns the framework would expect to find in cases of regulator failure on each component. The framework was constructed with knowledge of these cases, so the consistency does not constitute predictive validation; the cases illustrate the framework rather than test it predictively. A predictive test would require running the framework against cases not used in its construction. The case for the framework’s analytical adequacy is therefore established by illustration of consistency, not by predictive success. The framework’s normative claims, that explicit attention to all five components produces a more defensible regulator design in the advanced-economy major-hazard scope, rest on the doctrinal and theoretical material in Sections 4 and 5 rather than on the illustrative material here.

The illustration is negative: all four cases are failure cases, and the framework’s bearing on each is established by the case’s exhibition of the framework’s predicted failure pattern. The illustration does not bear on the converse, that presence of all five components produces success, because all four are failure cases. A future paper that engages cases of regulator success at comparable depth, the Cal/OSHA random-inspection findings (Levine, Toffel and Johnson 2012), the Norwegian Labour Inspection Authority’s documented effects (Garshol, Emberland and Johannessen 2025), the post-Cullen UK HSE pre-2010 offshore safety record, would either strengthen or weaken the framework on the sufficient-conditions question. The present paper does not attempt that engagement.

The case-study material relies on Hopkins as a substantial interpretive voice. Lessons from Longford (2000), Failure to Learn (2008), Credibility Crisis with Kemp (2021), and Sacrificing Safety (2022) inform the four case treatments above. The section has reduced the reliance on Hopkins as the dominant interpretive voice by engaging the primary inquiry records, the Dawson Royal Commission Report (1999), the CSB Final Investigation Report (2007) directly, ICMM’s official position on the Global Industry Standard (2020) alongside the Hopkins-Kemp critique, and the Martin Board of Inquiry Final Report (2021), as the structural foundation for each case treatment, with Hopkins’s contributions engaged as analytical extensions of those primary sources. The Hopkins-anchoring of the illustrative material is consistent with the paper’s overall Hopkins-anchored normative reconstruction framing (Section 1.5; Section 7.2). Future case-study work that engages voices beyond Hopkins and the inquiry records on the same incidents (the UNEP and PRI internal perspectives on Brumadinho, the post-Martin Anglo American operational record on Grosvenor, the post-CSB OSHA implementation history on Texas City) would further strengthen the illustrative material.

The four cases are all failure cases. A framework that illuminates regulator failure does not necessarily illuminate regulator success in equal measure. The strongest possible objection is that successful regulator practice may be too varied to be illuminated by any single five-component framework, and that the framework therefore identifies necessary but not sufficient conditions for regulator effectiveness. This is a reasonable objection that is not resolved here. The defence is that explicit attention to the five components is more defensible against the failure patterns the four cases illustrate than any alternative known to the literature, but the case for sufficient-conditions claims must rest on success-case evidence the present paper does not provide.

7. Conclusion – What the framework offers to work safety regulators and what it leaves open

The paper’s central question is what should define the work safety regulator. The framework offered in Section 4 is one defensible answer, supported by the doctrinal analysis in Section 4.1, the theoretical-paradigm survey in Section 3, the empirical evidence in Section 5, and the case-study illustration in Section 6. The paper is best characterised as a Hopkins-anchored normative reconstruction: an evidence-based articulation of what the work safety regulator in advanced-economy major-hazard sectors should be, drawing principally on the Hopkins corpus as its interpretive lens, supplemented by substantive engagement with the regulatory-studies tradition (Gunningham; Sparrow; Baldwin, Cave and Lodge; Parker; Yeung), the public-administration literature on agency autonomy and capture (Carpenter; Carpenter and Moss; Moe; McCubbins and Lupia; Klijn; Rhodes; Provan and Kenis), the public-choice critique (Stigler; Posner; Buchanan and Tullock; Carpenter and Moss), and the OECD-aligned governance-of-regulators framework. The evidentiary basis is doctrinal (Section 4.1), theoretical (Sections 3 and 4.4), and illustrative (Section 6) rather than predictive. The conclusion restates the framework against the evidence base, engages the Hopkins-anchored framing that runs through the analytical sections, acknowledges the limitations the evidence base carries, identifies the further research the framework invites, and states the paper’s contribution.

7.1 The framework restated against the evidence base

The framework comprises five components. Purpose defines what work-related harm the regulator is constituted to address; function portfolio defines what the regulator is constituted to do; layered causation model defines the conceptual lens through which the regulator interprets the workplace; structural conditions defines what the regulator must be, internally, to perform its function competently; and wider prevention ecosystem defines the regulator’s relationship to the other mechanisms contributing to the prevention of work-related harm. The components are reciprocally reinforcing in operational practice. The central claim is not that any one component is necessary alone but that partial implementation produces predictable patterns of regulator failure, as the four case illustrations in Section 6 exhibit.

Two synthesising contributions warrant restatement here. The first is the explicit doctrinal grounding of the proposed expansion of the regulator’s statutory purpose clause in ILO Convention 155 Article 3(e) and the United States Occupational Safety and Health Act 1970 sections 2(b)(5) and (6). The expansion positions the contemporary harm pattern, psychosocial harm, gig and platform-work harm, climate-driven occupational exposure, supply-chain harm, within an international-instrument doctrinal foundation, and proposes statutory consolidation of the expanded scope the operative regulatory regime has been progressively addressing through subordinate instruments. The second is the identification and substantive operationalisation of information sovereignty as a fifth constitutive structural condition. The condition extends the OECD-aligned four-condition framework with the regulator’s capacity to control, verify, and critically interrogate the multiple information streams on which its direction-setting depends, and is operationalised in Section 4.4 through six measurement indicators (stream breadth, triangulation frequency, discrepancy documentation rate, adversarial-source ingestion, inspector data-literacy, published-methodology transparency), five assessment criteria (constitutive recognition, cross-stream verification protocols, adversarial interrogation mechanism, independent verification capacity, publication transparency), and five failure modes (single-stream reliance, symbolic data architecture, operator-data dependence, audit-as-ceremony, headline-metric capture). The operationalisation is at parity with the OECD-aligned operationalisations of the four established conditions and is supported by the convergent empirical record engaged in Sections 5.4 and 6.2–6.4.

The principal counter-positions are engaged substantively. The deregulationist and public-choice counter-positions are engaged in Section 5.6, the framework partially accommodates the responsible-deregulationist variant (Hampton 2005; Löfstedt 2011) through its function portfolio, structural conditions, and prevention ecosystem components; engages the Stigler (1971) and Posner (1974) capture critique by treating capture as a designable-against vulnerability and operationalising the Carpenter-Moss (2014) capture-prevention design programme through the five structural conditions; engages the Buchanan-Tullock (1962) constitutional-public-choice critique through transparency and external-verification requirements at every component; and rejects the radical-deregulationist position on the basis of the Levine, Toffel and Johnson (2012) and Johnson, Levine and Toffel (2023) effect-size evidence (under the Section 5.1 qualification that the Levine evidence measures a sub-class of harm) and the contemporary harm pattern the deregulationist tradition does not engage. The behavioural-safety defender position is engaged in Section 3.1 and integrated into the layered causation model in Section 4.3, the framework accommodates behavioural intervention as one paradigm within a layered approach (the Class A paradigm choice) while rejecting the behavioural paradigm’s primacy in major-hazard contexts (the Class C paradigm choice) on the Texas City evidence. The critical-criminological tradition (Tombs and Whyte 2010, 2013) is integrated into the framework’s information-sovereignty argument and the deregulationist counter-position discussion.

What follows in the analytical sections is offered as a more coherent articulation of the regulator’s design than the implicit accumulation of historical layers that Section 2 documents. The contributions extend rather than displace existing scholarship, and the case rests on cumulative evidence from doctrinal analysis, theoretical-paradigm survey, empirical evidence, and case-study testing rather than on any single analytical move.

7.2 The Hopkins-reliance pattern

Hopkins’s corpus (Hopkins 1994, 2000, 2008, 2012, 2019, 2022; Hopkins and Kemp 2021) is engaged at substantial depth across Sections 4, 5, and 6. The reliance pattern was flagged in the critical reviews of Sections 5 and 6 and in the cross-section consistency review, and warrants explicit engagement here.

Six Hopkins contributions inform the framework. The 1994 Limits of Lost Time Injury Frequency Rates paper supplies the foundational critique of LTIFR as regulator direction-setting input. The occupational-vs-process safety distinction is articulated across Failure to Learn (2008) and Disastrous Decisions (2012). The Longford analytical extension comes from Lessons from Longford (2000), drawing on Hopkins’s expert-witness role at the Dawson Royal Commission. The production-pressure / structure-creates-culture framing is developed in Organising for Safety (2019) and Sacrificing Safety(2022). The Brumadinho insider account complicating the official ICMM framing comes from Credibility Crisis (Hopkins and Kemp 2021). These contributions inform the information-sovereignty argument (Section 4.4), the layered causation model (Section 4.3), and the case-study analytical extensions across Sections 6.1–6.4.

A fair characterisation has three elements. First, Hopkins is the framework’s primary interpretive lens on the questions the framework engages, the LTI-rate limits, the occupational-vs-process safety distinction, the production-pressure framing, the major-accident case-study tradition. The reliance reflects the literature’s actual structure rather than an analytical choice: Hopkins is the most productive single Australian-context process-safety voice and his expert-witness proximity to multiple of the case studies (Longford, Grosvenor) gives the corpus primary-source standing the broader literature does not match. Second, the framework’s principal mitigation is the restructuring of Section 6 to engage non-Hopkins primary sources for the inquiry-record dimension of each case, the Dawson Royal Commission Report (1999) for Longford, the CSB Final Investigation Report (2007) for Texas City, the official ICMM position (2020) alongside the Hopkins and Kemp (2021) critique for Brumadinho, and the Martin Board of Inquiry Final Report (2021) for Grosvenor. The non-Hopkins primary sources mitigate the reliance on the inquiry-record dimension; the Hopkins analytical extensions on what those records mean for regulator design remain the framework’s principal interpretive voice. Third, the framework’s analytical components in Section 4 remain Hopkins-anchored more substantially than the case-study restructuring mitigates. Hopkins is the framework’s primary interpretive lens, supplemented by non-Hopkins primary sources for the inquiry-record dimension. The framework is not Hopkins-dependent in the sense that the components could not be defended without Hopkins, but it is Hopkins-anchored in the sense that Hopkins is the most consequential single voice.

This characterisation identifies the further work an independent test would require. Independent verification of the LTIFR-limits argument against non-Hopkins empirical work is partially available in Manuele (2002), Wuellner, Adams and Bonauto (2016), and Tombs and Whyte (2013), each engaged here but each warranting more substantive standalone replication. Independent verification of the occupational-vs-process safety distinction is partially available in the CSB (2007) and Baker et al. (2007) reports themselves, engaged directly in Section 6.2; further synthesis with the broader process-safety scholarship beyond Hopkins’s Australian contribution would extend the verification. Independent verification of the production-pressure framing is partially available in Tombs and Whyte (2013) and Le Coze (2023, 2024); further engagement with non-Hopkins critical-criminology and safety-science work would extend the verification. The framework’s evidence base is Hopkins-anchored; broadening of that base is identified as further research in Section 7.4.

7.3 Limitations

Six limitations of this paper warrant explicit acknowledgement and the author acknowledges these from the outset.

The paper’s evidentiary basis is doctrinal, theoretical, and illustrative rather than predictive. Section 6’s four cases were chosen with knowledge of the framework’s analytical structure, and the framework was constructed in dialogue with the cases. The cases therefore illustrate the framework’s analytical patterns rather than test them predictively, and the consistency of the cases with the framework is not evidence that the framework would predict the same patterns in cases not used in its construction. A rigorous predictive test would require running the framework against cases not used in its construction, Pike River 2010, Grenfell Tower 2017, Lac-Mégantic 2013, Hazelwood mine fire 2014, Upper Big Branch 2010, and against cases of substantial regulator success. The present paper invites that test rather than claiming to have conducted it. Readers seeking predictive validation of the framework should look to the further-research programme identified at Section 7.4 rather than to the illustrative material in Section 6.

The paper’s evidence base is geographically and culturally concentrated. The empirical-effectiveness anchor (Levine, Toffel and Johnson 2012; Johnson, Levine and Toffel 2023) is US Cal/OSHA. The critical-degradation evidence (Tombs and Whyte 2010, 2013) is UK HSE. The contemporary inspector-practice shift evidence (Palmqvist et al. 2026; Rudolf et al. 2025; Stahl et al. 2025; Garshol et al. 2025) is Danish, Norwegian, and Swedish. The case studies are Australian (Longford 1998; Grosvenor 2020), US (Texas City 2005), and Brazilian (Brumadinho 2019, engaged through the Anglo-Australian Hopkins and Kemp 2021 lens and the ICMM 2020 industry-association position rather than through Brazilian regulatory-culture scholarship). The doctrinal analysis covers Australian, UK, US, EU, and ILO instruments, the broadest geographic spread in the paper. The evidence base is dominated by what may be called the Anglo-Australian-Scandinavian regulatory tradition. East Asian, Latin American (beyond Brumadinho), African and Middle Eastern regulatory contexts, and the postcolonial critique of OHS framework export are under-represented. The cultural-dimensions literature (notably Hofstede’s framework as applied to safety culture by Mearns and colleagues, and Helmreich and Merritt’s aviation cross-cultural safety-culture work) is not engaged. The framework’s claims are conditioned on the cultural assumptions of the evidence base. The function portfolio component assumes a separation between duty-holder, regulator, and worker shaped by Anglo-Australian common-law traditions; the structural conditionscomponent (particularly legitimacy and accountability) is shaped by Westminster-tradition assumptions about ministerial responsibility, independent inspectorates, and judicial review; the information sovereignty argument depends on multi-source triangulation across data architectures that may not exist or may exist in different configurations in non-Western jurisdictions; the inspector-identity shift documented in Scandinavia is engaged with the transferability question explicitly acknowledged but not resolved. Transferability to non-Anglo-Australian-Scandinavian regulatory traditions is an empirical question the present paper does not resolve, identified as further research in Section 7.4.

The primary application is to advanced-economy major-hazard regulation. Application to low-hazard sectors (offices, retail, education, hospitality, where catastrophic-risk failure is less probable and the Hopkins occupational-vs-process safety distinction is less consequential) and to developing-economy regulation (where structural-condition constraints, particularly resourcing, are more severe than the framework’s normative articulation assumes) requires modified application the present paper does not attempt.

The case studies are all failure cases. A framework that explains regulator failure does not necessarily illuminate regulator success in equal measure. The framework identifies necessary conditions for regulator effectiveness (absence of which is associated with the specific failure patterns the four cases document) but does not claim to identify sufficient conditions. Successful regulator practice may be too varied to be explained by any single five-component framework. The framework’s defence is that explicit attention to the five components is more defensible against the failure patterns the four cases document than any alternative known to the literature, but the case for sufficient-conditions claims must rest on success-case evidence the present paper does not provide.

The paper is a Hopkins-anchored normative reconstruction. The Hopkins corpus is engaged substantively across the analytical sections as discussed in Section 7.2. The Hopkins anchoring is acknowledged from the outset (Section 1.5) rather than absorbed silently, and is identified as a substantive feature of the framework’s evidence base rather than as a defect to be apologised for. Although Section 6’s structuring engages non-Hopkins primary sources for each case-study inquiry record (the Dawson, CSB, ICMM, and Martin records), and although Sections 4 and 5 engage the regulatory-studies, public-administration, public-choice, and OECD-aligned traditions substantively, the framework’s analytical components in Section 4 remain Hopkins-anchored as a matter of interpretive lens. An independent test of the framework against analytical traditions that do not share the Hopkins interpretive lens, most prominently the continental-European safety-science tradition (Le Coze, Hollnagel) and the East Asian regulatory-research traditions, remains for further work.

The engagement with the public-choice critique is substantive but partial. Section 5.6 engages Stigler (1971), Posner (1974), Buchanan and Tullock (1962), and Carpenter and Moss (2014) at depth and characterises the framework’s structural-conditions component as the work-safety-specific operationalisation of the Carpenter-Moss capture-prevention design programme, with information sovereignty added as a fifth structural condition the broader Carpenter-Moss engagement with information asymmetry supports but does not name. Further work would extend the engagement to the constitutional-public-choice extensions (Brennan and Buchanan; Buchanan’s later works on constitutional economics), to the regulator-capture literature published since Carpenter and Moss (Yackee 2019; Pagliari 2012; and the post-2014 capture-prevention scholarship), and to the law-and-economics tradition (Breyer; Sunstein) at depth.

The six limitations are real. None is unique to the present paper, the published OHS regulation literature is genuinely Anglo-American, European, and Scandinavian-dominant; the case-study tradition is genuinely dominated by failure cases; the Hopkins corpus is genuinely the most analytically productive single body of work on the specific questions the framework engages; and the deregulationist literature is rarely engaged in depth in OHS-specific scholarship. The limitations are characteristic of the field’s evidence base rather than of the present paper specifically.

7.4 Further research

Seven further research directions follow. Each is offered as an opening for the broader regulatory-scholarship community rather than as an author commitment.

Predictive testing against cases not used in framework construction.

Pike River 2010, Grenfell Tower 2017, Lac-Mégantic 2013, Hazelwood mine fire 2014, and Upper Big Branch 2010 supply a quintet for predictive testing. Each is well-documented in the published inquiry record; each engages different combinations of the framework’s components. Pike River specifically would extend the prevention-ecosystem component because the Royal Commission on the Pike River Coal Mine Tragedy is one of the most analytically substantive inquiry outputs of the past two decades, with the Macfie (2013) critique of the Commission’s scope limitations providing the analytical foil. Grenfell Tower would extend the purpose component because the case engages building-safety regulation rather than workplace-safety regulation directly.

Regulator-success-case engagement.

A quartet of success-case engagements would strengthen or weaken the framework’s normative-claim component. The Cal/OSHA random-inspection findings (Levine, Toffel and Johnson 2012; Johnson, Levine and Toffel 2023) supply one success case at the inspection-effectiveness level. The Norwegian Labour Inspection Authority’s documented effects (Garshol, Emberland and Johannessen 2025) supply a Scandinavian-system success case. The post-Cullen UK HSE offshore safety record before 2010 supplies a sector-level success case the framework’s structural-conditions component would predict. The post-Brady Queensland mining regulator’s response to the Grosvenor explosion supplies a contemporary case the information-sovereignty condition would predict. A future paper applying the framework to these four cases would test the sufficient-conditions claim more directly.

Cross-cultural extension to non-Anglo-Australian-Scandinavian regulatory traditions.

The framework’s geographic-and-cultural concentration is identified as a limitation in Section 7.3. The extension would test the framework’s transferability across regulatory traditions the present paper has not engaged: East Asian traditions (Japan, Singapore, China, South Korea); Latin American traditions (Brazil, Chile, Argentina); African and Middle Eastern regulatory contexts; and the postcolonial critique of OHS framework export. The cultural-dimensions literature (Hofstede; Helmreich and Merritt) would provide an analytical tool. The likely finding is that some framework components transfer cleanly (the doctrinal-grounding argument transfers because international instruments are explicitly designed for cross-cultural application; the information-sovereignty argument transfers because data-architecture concerns are not culturally specific), while others require modification (the function-portfolio component is shaped by Anglo-Australian common-law traditions; the legitimacy-and-accountability condition is shaped by Westminster-tradition assumptions). This is the further research the framework most clearly invites.

Empirical testing of the information-sovereignty multi-source-triangulation prescription.

The prescription is currently normative; an empirical test against regulators that have implemented some form of multi-source data architecture would test whether the architecture produces measurable improvement in regulator direction-setting. Three candidates are identifiable. Victoria’s integrated WorkSafe-and-insurer model captures data-flow benefits the NSW separated SafeWork-SIRA-icare model does not; a quasi-experimental comparison, using compensation-claims data, coronial-recommendation uptake data, and inspection-targeting data as outcomes, would test whether integrated data architecture produces measurably better direction-setting. New Zealand’s post-Pike River WorkSafe NZ was constituted explicitly to address the data-architecture and structural-independence deficits the Royal Commission identified; an evaluation against the framework’s information-sovereignty prescription would test whether the prescription is operationalisable in practice. Queensland’s post-Brady Resources Safety and Health Queensland is currently operationalising the High Potential Incident Frequency Rate framework; an evaluation against the prescription is now possible.

Doctrinal extension through specific statutory drafting.

The framework recommends expansion of the regulator’s statutory purpose clause but does not draft specific statutory text. Doctrinal extension would convert the analytical recommendation into operational reform proposal through consultation across legislative drafting, statutory interpretation, and industrial-relations communities. The work would draft specific amendments to the Australian model Work Health and Safety Act 2011 section 3, the UK Health and Safety at Work etc. Act 1974 section 1, and the US Occupational Safety and Health Act 1970 section 2, with comparative analysis of the drafting choices each amendment requires. The work would also engage the statutory-interpretation question of how courts and tribunals would read the expanded purpose against existing case law on the reasonably-practicable qualification.

Substantive engagement with the public-choice and law-and-economics critiques of OHS regulation.

The corresponding research direction would engage the more sophisticated public-choice tradition, Stigler (1971), Posner (1974), Buchanan and Tullock’s The Calculus of Consent (1962) and the contemporary regulatory-capture literature (Carpenter and Moss 2014) directly. The engagement would assess the framework’s cost-benefit assumptions against the tradition’s analytical objections, identify which of the framework’s components are most vulnerable to public-choice critique (most likely the structural-conditions component, particularly the resourcing and information-sovereignty conditions, which depend on assumptions about public-investment behaviour the tradition contests), and clarify the framework’s relationship to the responsible variant of the deregulationist position.

Sector-level application.

The framework is offered at a general level. Application to specific sector-level regulators would test the framework’s transferability across sector contexts with different harm patterns, different industrial-relations contexts, and different historical regulatory trajectories. The strongest cases are mining and resources (where the Brady, Grosvenor, and Brumadinho cases supply the most developed evidence base), construction (where the Federal Safety Commissioner’s audit criteria and the Lingard and Pirzadeh 2025 client-contractor interface work supply the analytical foundation), transport and logistics (where the National Heavy Vehicle Regulator and the Lac-Mégantic case supply the contrast between primary-regulator and inquiry-investigation modes), healthcare and disability services (where the contemporary worker-protection and psychosocial-hazard literature is most rapidly developing), and agriculture (where the Walters and Nichols 2007 prevention-triangle work and the quad bike inquest series supply the analytical foundation).

The seven directions are each substantial standalone papers. The framework’s contribution is to articulate the analytical framework against which each test would be conducted; the tests themselves are work the framework invites rather than work the present paper undertakes.

7.5 The paper’s contribution and closing argument

It is the author’s intention that the paper’s contribution is twofold and is synthesising rather than originally analytical. What is offered brings together existing doctrinal foundations, existing empirical evidence, and existing analytical traditions in a configuration the existing literature has not articulated. The synthesis is the contribution.

The first synthesising contribution is the explicit doctrinal grounding of the proposed expansion of the regulator’s statutory purpose clause in international instruments. The doctrinal foundation in ILO Convention 155 Article 3(e) and the US Occupational Safety and Health Act 1970 sections 2(b)(5) and (6) is not new, Article 3(e) was adopted in 1981; the OSH Act sections have been on the US statute book since 1970; the EU Framework Directive 89/391 directly incorporates the ILO definition by reference; the contemporary psychosocial-hazard literature has been progressively operationalising the expanded scope through subordinate instruments such as the Victorian Occupational Health and Safety (Psychological Health) Regulations 2025 and the NSW WHS Amendment Regulation 2022. The framework’s contribution is the synthesising move of bringing the doctrinal foundation into explicit conversation with the contemporary harm pattern (psychosocial, gig and platform-work, climate-driven, supply-chain) and proposing statutory consolidation. The framing as statutory consolidation rather than catch-up-with-international-standards is more honest about what the operative regulatory regime has already been doing through subordinate instruments and more defensible against legal challenge than implicit extension.

The second synthesising contribution is the identification and naming of information sovereignty as a fifth constitutive structural condition. The empirical evidence on data-architecture problems is not new, Hopkins’s 1994 LTI-rate critique, the BLS / NIOSH under-reporting literature, the Tombs and Whyte regulatory-degradation work, the Audit Masqueradeanalysis (Hutchinson, Dekker and Rae 2024), and the Ontario WSIB experience-rating-gaming evidence are all established in the literature. The framework’s contribution is the synthesising move of treating these problems as a constitutive structural condition rather than a contextual variable, of articulating the condition alongside the OECD-aligned four conditions, and of prescribing multi-source triangulation across self-reporting, worker reports, public complaints, compensation data, coronial findings, hospital admissions, social surveys, and academic-research findings as the positive design response. The condition’s identification responds to a structural blindness that the existing OECD-aligned literature has not named explicitly but that the empirical record consistently surfaces.

The principal recommendations follow from the two contributions and the five components, presented here as seven actionable items for regulatory bodies.

1. Expand the regulator’s statutory purpose clause to cover work-related harm in all its contemporary forms, physical and psychological, acute and chronic, direct and indirect, within and beyond the conventional employer-employee relationship, grounded in the international-instrument doctrinal foundation the framework supplies.
2. Design and resource the regulator’s function as an integrated eight-activity portfolio, standards-setting and rule-making; authorisation, licensing and approvals; information, education and advice; compliance monitoring through inspection and audit; investigation following incidents; enforcement through notices, prosecutions and enforceable undertakings; learning and policy revision; and data architecture, with explicit recognition that data architecture is a constitutive activity rather than administrative support.
3. Make the regulator’s underlying causation model explicit, layered rather than singular, and operationalise it through KPI suites that distinguish occupational from process safety risk and that select between paradigms based on the risk class of the situation.
4. Satisfy the five structural conditions, independence, technical competence, adequate resourcing, legitimacy and accountability, and information sovereignty, as constitutive design requirements rather than as contextual variables. Treat any one condition’s deficit as compromising the framework’s case for the regulator’s effectiveness, not as a contextual problem to be managed around.
5. Build the multi-source data architecture the information-sovereignty condition prescribes. Treat no single data stream as authoritative; triangulate across the available streams; build the analytical capacity to interrogate each against the others.
6. Position the regulator as one mechanism within a wider prevention ecosystem that includes the coronial system, royal commissions and boards of inquiry (engaged with the inquiry-contingency caveat that even comprehensive inquiry outputs may be contested in the subsequent literature), workers’ compensation insurers, and industry standards-setting bodies, with explicit interfaces to each.
7. Treat voluntary industry-co-produced standards (examples such as the Global Industry Standard on Tailings Management) as supplements rather than substitutes for independent regulator-set requirements, recognising the structural-vulnerability evidence that voluntary standards-setting is constrained by the most powerful stakeholder.

The case rests on cumulative evidence rather than on any single analytical move. The doctrinal analysis in Section 4.1 establishes the international-instrument foundation for the expanded purpose clause. The theoretical-paradigm survey in Section 3 and the operationalisation of the layered causation model in Section 4.3 establish the layered model’s basis in the safety-science literature. The empirical evidence in Section 5 establishes the inspection-effectiveness foundation for the structural-conditions component (under the Section 5.1 Levine-qualification) and the data-architecture critique foundation for the information-sovereignty condition. The case-study illustration in Section 6 exhibits the patterns the framework predicts in cases of regulator failure on each component. The normative claim rests on the conjunction of doctrinal, theoretical, and illustrative material rather than on any one source. The empirical-predictive claim, that the framework would predict the same patterns in unseen cases, is identified as further research rather than as established.

What this paper offers is a Hopkins-anchored normative reconstruction, against the assembled doctrinal, theoretical, and illustrative evidence base, of what the work safety regulator in advanced-economy major-hazard sectors should be. The articulation makes explicit what regulator practice has historically left implicit and what the existing OECD-aligned scholarship has not named as constitutive. It is offered as an analytical tool for regulatory-practice and regulatory-scholarship communities; the further research it invites is the empirical-predictive test of whether the tool produces more defensible regulator design than the alternative of leaving the design implicit. It will not be the final word. It is offered as a more coherent articulation of the regulator’s design, in the advanced-economy major-hazard scope and within the Hopkins-anchored interpretive lens it acknowledges, than the implicit accumulation of historical layers Section 2 documents and the unresolved paradigm conflicts Section 3 surfaces.

References

Afsharian, A., Dollard, M.F. and Crispin, C. (2023). Work-related psychosocial and physical paths to future musculoskeletal disorders (MSDs). Safety Science, 164, 106177.

Almond, P. and Esbester, M. (2016). The changing legitimacy of health and safety, 1960–2015: understanding the past, preparing for the future. Policy and Practice in Health and Safety, 14(1), 81–96. https://doi.org/10.1080/14773996.2016.1231868

Anglo American (2020). Submissions to the Queensland Coal Mining Board of Inquiry. Anglo American plc.

Ayres, I. and Braithwaite, J. (1992). Responsive Regulation: Transcending the Deregulation Debate. New York: Oxford University Press.

Baldwin, R., Cave, M. and Lodge, M. (2012). Understanding Regulation: Theory, Strategy, and Practice. 2nd edition. Oxford: Oxford University Press.

Azaroff, L.S., Levenstein, C. and Wegman, D.H. (2009). Occupational injury surveillance: a healthcare-industry case. American Journal of Industrial Medicine.

Baker, J.A. III, Bowman, F., Erwin, G., Gorton, S., Hendershot, D., Leveson, N., Priest, S., Rosenthal, I., Tebo, P.V., Wiegmann, D.A. and Wilson, L.D. (2007). The Report of the BP U.S. Refineries Independent Safety Review Panel. Baker Panel Report, January 2007.

Berglund, R., Kombeiz, O. and Dollard, M.F. (2024). Manager-driven intervention for improved psychosocial safety climate and psychosocial work environment. Safety Science, 176, 106552.

Bills, A. (2020). Independent Review of NSW Resources Regulator: Final Report. NSW Department of Regional NSW, October 2020.

Black, J. (1997). Rules and Regulators. Oxford: Clarendon Press.

Black, J. (2002). Critical Reflections on Regulation. Australian Journal of Legal Philosophy, 27, 1–35.

Boden, L.I. and Ozonoff, A. (2008). Capture-recapture estimates of nonfatal workplace injuries and illnesses. Annals of Epidemiology, 18(6), 500–506.

Boland, M. (2018). Review of the Model Work Health and Safety Laws: Final Report. Safe Work Australia.

Brady, S. (2019). Review of All Fatal Accidents in Queensland Mines and Quarries from 2000 to 2019 (the “Brady Review”). Brady Heywood Pty Ltd / Queensland Department of Natural Resources, Mines and Energy.

British Safety Council (2023). The State of the Health and Safety Executive 2010–2023: Funding, Capacity and Enforcement Activity. London: British Safety Council.

Buchanan, J.M. and Tullock, G. (1962). The Calculus of Consent: Logical Foundations of Constitutional Democracy. Ann Arbor: University of Michigan Press.

Bureau of Labor Statistics (2014). Survey of Occupational Injuries and Illnesses: Technical Notes and Methodology. US Department of Labor, BLS.

Carpenter, D. (2001). The Forging of Bureaucratic Autonomy: Reputations, Networks, and Policy Innovation in Executive Agencies, 1862–1928. Princeton: Princeton University Press.

Carpenter, D. (2010). Reputation and Power: Organizational Image and Pharmaceutical Regulation at the FDA. Princeton: Princeton University Press.

Carpenter, D. and Moss, D.A. (eds.) (2014). Preventing Regulatory Capture: Special Interest Influence and How to Limit It. New York: Cambridge University Press.

Columbia Accident Investigation Board (2003). Columbia Accident Investigation Board Report, Volume 1. National Aeronautics and Space Administration, August 2003.

Committee on Safety and Health at Work (1972). Safety and Health at Work: Report of the Committee 1970–72 (the “Robens Report”). Cmnd 5034. London: HMSO.

Coroners Court of Queensland (2020). Inquest into the deaths of Kate Goodchild, Luke Dorsett, Cindy Low and Roozbeh Araghi (the “Dreamworld Inquest”). Findings of Coroner James McDougall, 24 February 2020.

Cullen, W.D. (1990). The Public Inquiry into the Piper Alpha Disaster. Department of Energy, Cmnd 1310. London: HMSO.

Dawson, D., Brooks, B. and Ewer, P. (1999). Report of the Longford Royal Commission. Government Printer Victoria. Parliamentary Paper No. 61 of 1998–99.

Dekker, S. (2011). Drift into Failure: From Hunting Broken Components to Understanding Complex Systems. Farnham: Ashgate.

Department of Treasury and Finance Victoria (2024). WorkSafe Victoria Annual Report 2023–24. State of Victoria.

Dollard, M.F., Loh, M.Y. and Potter, R. (2024). Psychosocial Safety Climate, working time lost, and expenditure following workplace injuries and illnesses. Work & Stress.

European Agency for Safety and Health at Work (2024). Digital Platform Work in the European Union: Health and Safety Risks. Luxembourg: Publications Office of the European Union.

European Agency for Safety and Health at Work (2025). Psychosocial Risks in Europe: Prevalence and Strategies for Prevention. Luxembourg: Publications Office of the European Union.

European Council (1989). Council Directive 89/391/EEC of 12 June 1989 on the introduction of measures to encourage improvements in the safety and health of workers at work. Official Journal of the European Communities, L 183, 29 June 1989, 1–8.

Findley, K.A. and Scott, M.S. (2006). The multiple dimensions of tunnel vision in criminal cases. Wisconsin Law Review, 2, 291–397.

Freckelton, I. (2024). Death investigation and coroners’ inquests: Evolution and improvements. Alternative Law Journal, 49(4).

Friebel, J., Potter, R. and Dollard, M.F. (2024). Health and safety representatives’ perceptions of occupational health and safety policy developments to improve work-related psychological health: applying the theory of planned behaviour. Safety Science, 172, 106410.

Garshol, T.E., Emberland, J.S. and Johannessen, H.A. (2025). Effects of Labour Inspection Authority interventions: quasi-experimental evidence from Norwegian home-care services. Safety Science.

Geller, E.S. (1998). Working Safe: How to Help People Actively Care for Health and Safety. Boca Raton: CRC Press.

Gunningham, N., Grabosky, P. and Sinclair, D. (1998). Smart Regulation: Designing Environmental Policy. Oxford: Clarendon Press.

Gunningham, N. and Johnstone, R. (1999). Regulating Workplace Safety: Systems and Sanctions. Oxford: Oxford University Press.

Hampton, P. (2005). Reducing Administrative Burdens: Effective Inspection and Enforcement. London: HM Treasury, March 2005.

Hawkins, K. (1984). Environment and Enforcement: Regulation and the Social Definition of Pollution. Oxford: Clarendon Press.

Hawkins, K. (2002). Law as Last Resort: Prosecution Decision-Making in a Regulatory Agency. Oxford: Oxford University Press.

Heinrich, H.W. (1931). Industrial Accident Prevention: A Scientific Approach. New York: McGraw-Hill.

Helmreich, R.L. and Merritt, A.C. (1998). Culture at Work in Aviation and Medicine: National, Organizational and Professional Influences. Aldershot: Ashgate.

Hofstede, G. (1980). Culture’s Consequences: International Differences in Work-Related Values. Beverly Hills: Sage.

Hollnagel, E. (2014). Safety-I and Safety-II: The Past and Future of Safety Management. Farnham: Ashgate.

Hopkins, A. (1994). The limits of lost time injury frequency rates, in Positive Performance Indicators: Beyond Lost Time Injuries: Part 1, Issues, pp. 29–35. Sydney: Worksafe Australia / National Occupational Health and Safety Commission.

Hopkins, A. (2000). Lessons from Longford: The Esso Gas Plant Explosion. Sydney: CCH Australia.

Hopkins, A. (2008). Failure to Learn: The BP Texas City Refinery Disaster. Sydney: CCH Australia.

Hopkins, A. (2012). Disastrous Decisions: The Human and Organisational Causes of the Gulf of Mexico Blowout. Sydney: CCH Australia.

Hopkins, A. (2019). Organising for Safety: How Structure Creates Culture. Sydney: CCH Australia / Wolters Kluwer.

Hopkins, A. (2022). Sacrificing Safety: Lessons for Chief Executives. Macquarie Park, NSW: Wolters Kluwer CCH.

Hopkins, A. and Kemp, D. (2021). Credibility Crisis: Brumadinho and the Politics of Mining Industry Reform. Macquarie Park, NSW: Wolters Kluwer CCH.

Hudson, P. (2007). Implementing a safety culture in a major multi-national. Safety Science, 45(6), 697–722.

Hutchinson, B., Dekker, S. and Rae, A. (2024). Audit masquerade: How audits provide comfort rather than treatment for serious safety problems. Safety Science, 169, 106348.

International Council on Mining and Metals (2020). Global Industry Standard on Tailings Management. London: ICMM. August 2020.

International Labour Organization (1981). Occupational Safety and Health Convention, 1981 (No. 155). Geneva: ILO, adopted 3 June 1981.

Johnson, M.S., Levine, D.I. and Toffel, M.W. (2023). Improving regulatory effectiveness through better targeting: evidence from OSHA. American Economic Journal: Applied Economics, 15(4), 30–67.

Klijn, E.-H. (2008). Governance and governance networks in Europe: an assessment of ten years of research on the theme. Public Management Review, 10(4), 505–525.

Klijn, E.-H. and Koppenjan, J. (2016). Governance Networks in the Public Sector. London: Routledge.

Jurek, P., Olech, M., Afsharian, A. and Dollard, M.F. (2025). Cross-cultural validation of the Psychosocial Safety Climate (PSC-12) instrument: a Polish multisample multilevel study. Safety Science.

Knobel, P. and Naweed, A. (2023). How does the regulatory context influence systems thinking in work health and safety (WHS) inspectors? Safety Science, 166, 106237.

Le Coze, J.-C. (2023). Coupling and complexity at the global scale: flows, networks, interconnectedness and synchronicity (e.g. Covid-19). Safety Science.

Le Coze, J.-C. (2024). NASA, SpaceX, safety and (post) bureaucracy: reinterrogating the past, challenging the present with H. McCurdy. Safety Science, 177, 106599.

Le Coze, J.-C. (2026). The untold story of behaviour-based safety (BBS). Safety Science (forthcoming).

Leveson, N. (2012). Engineering a Safer World: Systems Thinking Applied to Safety. Cambridge, MA: MIT Press.

Levine, D.I., Toffel, M.W. and Johnson, M.S. (2012). Randomized government safety inspections reduce worker injuries with no detectable job loss. Science, 336(6083), 907–911.

Lingard, H. and Pirzadeh, P. (2025). Workplace health and safety performance at the client–contractor interface: measurement, management and behaviour. Safety Science, 184.

Löfstedt, R. (2011). Reclaiming Health and Safety for All: An Independent Review of Health and Safety Legislation. Cm 8219. London: Department for Work and Pensions, November 2011.

MacLean, C.L. (2022). Cognitive bias in workplace investigation: problems, perspectives and proposed solutions. Applied Ergonomics, 105, 103860.

Macfie, R. (2013). Tragedy at Pike River Mine: How and Why 29 Men Died. Wellington: Awa Press.

Maggetti, M. (2010). Legitimacy and accountability of independent regulatory agencies: a critical review. Living Reviews in Democracy, 2.

Manuele, F.A. (2002). Heinrich Revisited: Truisms or Myths. Itasca, IL: National Safety Council Press.

McCubbins, M.D., Noll, R.G. and Weingast, B.R. (1987). Administrative procedures as instruments of political control. Journal of Law, Economics, & Organization, 3(2), 243–277.

Moe, T.M. (1984). The new economics of organization. American Journal of Political Science, 28(4), 739–777.

Hyatt, D.E. and Thomason, T. (2003). Pricing Health Care: Workers’ Compensation Experience Rating in Ontario. Toronto: Ontario Workplace Safety and Insurance Board, Research Advisory Council.

Martin, T. (2021). Queensland Coal Mining Board of Inquiry, Final Report. Brisbane: Queensland Government. Part I: 30 November 2020; Part II: 31 May 2021.

National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling (2011). Deep Water: The Gulf Oil Disaster and the Future of Offshore Drilling, Report to the President. Washington, DC: US Government Printing Office, January 2011.

North, D.C. (1990). Institutions, Institutional Change and Economic Performance. Cambridge: Cambridge University Press.

Organisation for Economic Co-operation and Development (2014). The Governance of Regulators. OECD Best Practice Principles for Regulatory Policy. Paris: OECD Publishing.

Organisation for Economic Co-operation and Development (2017). Creating a Culture of Independence: Practical Guidance against Undue Influence. Paris: OECD Publishing.

Organisation for Economic Co-operation and Development (2022). Equipping Agile and Autonomous Regulators. OECD Best Practice Principles for Regulatory Policy. Paris: OECD Publishing.

Palmqvist, J., Kjaergaard, A. and Ajslev, J. (2026). Inspector identity and dialogue-based inspection: evidence from Danish labour-inspection practice. Safety Science.

Panckhurst, G., Bell, S. and Henry, D. (2012). Report of the Royal Commission on the Pike River Coal Mine Tragedy. Wellington: New Zealand Government, 30 October 2012.

Parker, C. (2002). The Open Corporation: Effective Self-Regulation and Democracy. Cambridge: Cambridge University Press.

Parker, C. (2013). Twenty years of responsive regulation: an appreciation and appraisal. Regulation & Governance, 7(1), 2–13.

Parliament of Queensland (2011). Work Health and Safety Act 2011 (Qld). Brisbane: Queensland Parliamentary Counsel.

Parliament of the United Kingdom (1974). Health and Safety at Work etc. Act 1974. London: HMSO.

Perrow, C. (1984). Normal Accidents: Living with High-Risk Technologies. New York: Basic Books.

Perrow, C. (1999). Normal Accidents: Living with High-Risk Technologies. Revised edition. Princeton: Princeton University Press.

Pidgeon, N. and O’Leary, M. (2000). Man-made disasters: why technology and organizations (sometimes) fail. Safety Science, 34(1–3), 15–30.

Posner, R.A. (1974). Theories of economic regulation. Bell Journal of Economics and Management Science, 5(2), 335–358.

Provan, K.G. and Kenis, P. (2008). Modes of network governance: structure, management, and effectiveness. Journal of Public Administration Research and Theory, 18(2), 229–252.

Potter, R., Dollard, M.F. and Cefaliello, A. (2024). National Policy Index (NPI) for worker mental health and its relationship with enterprise psychosocial safety climate. Safety Science, 172, 106428.

Rasmussen, J. (1997). Risk management in a dynamic society: a modelling problem. Safety Science, 27(2–3), 183–213.

Reason, J. (1990). Human Error. Cambridge: Cambridge University Press.

Reason, J. (1997). Managing the Risks of Organizational Accidents. Aldershot: Ashgate.

Regulatory Studies Center (2025). Brazilian Federal Regulatory Agencies: Capacity and Performance Trends 2015–2024. George Washington University, Regulatory Studies Center.

Rhodes, R.A.W. (1997). Understanding Governance: Policy Networks, Governance, Reflexivity and Accountability. Buckingham: Open University Press.

Rhodes, R.A.W. (2017). Network Governance and the Differentiated Polity: Selected Essays, Volume 1. Oxford: Oxford University Press.

Rosenman, K.D., Kalush, A., Reilly, M.J., Gardiner, J.C., Reeves, M. and Luo, Z. (2006). How much work-related injury and illness is missed by the current national surveillance system? Journal of Occupational and Environmental Medicine, 48(4), 357–365.

Rudolf, A., Kjaergaard, A. and Ajslev, J. (2025). The evolving inspector: from enforcer to alliance-builder. Safety Science.

Ruser, J.W. (1985). Workers’ compensation insurance, experience rating, and occupational injuries. RAND Journal of Economics, 16(4), 487–503.

Safe Work Australia (2024a). Coronial-Recommendation Uptake across Australian Jurisdictions: A National Review. Canberra: Safe Work Australia.

Safe Work Australia (2024b). Regulator-Insurer Architecture in Australian WHS Jurisdictions: A Comparative Analysis. Canberra: Safe Work Australia.

Sparrow, M.K. (2000). The Regulatory Craft: Controlling Risks, Solving Problems, and Managing Compliance. Washington, DC: Brookings Institution Press.

Stahl, C., Lundqvist, D. and Reineholm, C. (2025). Dialogue-based inspection in Swedish work-environment authority practice. Safety Science.

Stemn, E., Hassall, M.E., Cliff, D. and Bofinger, C. (2019). Incident investigators’ perspectives of incident investigations conducted in the Ghanaian mining industry. Safety Science, 112, 173–188.

Stigler, G.J. (1971). The theory of economic regulation. Bell Journal of Economics and Management Science, 2(1), 3–21.

Sutherland, G., Kemp, C., Bugeja, L., Sewell, G., Studdert, D.M. and Pirkis, J. (2014). What happens to coroners’ recommendations for improving public health and safety? Organisational responses under a mandatory response regime in Victoria, Australia. BMC Public Health, 14, 732.

Sutherland, G., Kemp, C., Bugeja, L., Sewell, G., Studdert, D.M. and Pirkis, J. (2016). Mandatory responses to public health and safety recommendations issued by coroners: a content analysis. Australian and New Zealand Journal of Public Health, 40(6).

Tombs, S. and Whyte, D. (2010). A deadly consensus: worker safety and regulatory degradation under New Labour. British Journal of Criminology, 50(1), 46–65. https://doi.org/10.1093/bjc/azp063

Tombs, S. and Whyte, D. (2013). The myths and realities of deterrence in workplace safety regulation. British Journal of Criminology, 53(5), 746–763.

Turner, B.A. (1978). Man-Made Disasters. London: Wykeham.

Turner, B.A. and Pidgeon, N. (1997). Man-Made Disasters. 2nd edition. Oxford: Butterworth-Heinemann.

United States Chemical Safety and Hazard Investigation Board (2007). Investigation Report: Refinery Explosion and Fire, BP Texas City, Texas, March 23, 2005. Report No. 2005-04-I-TX. Washington, DC: US CSB, March 2007.

United States Chemical Safety and Hazard Investigation Board (2025). BP Texas City Investigation Digest: 20-Year Retrospective on Recommendation Implementation. Washington, DC: US CSB.

United States Congress (1970). Occupational Safety and Health Act of 1970. Public Law 91-596, 91st Congress, 29 December 1970.

Vaughan, D. (1996). The Challenger Launch Decision: Risky Technology, Culture, and Deviance at NASA. Chicago: University of Chicago Press.

Victorian Commission for Gambling and Liquor Regulation (2017). Inspector Continuing Professional Development Framework. Melbourne: Victorian Government.

Walters, D. and Nichols, T. (2007). Worker Representation and Workplace Health and Safety. Basingstoke: Palgrave Macmillan.

Weick, K.E. and Sutcliffe, K.M. (2007). Managing the Unexpected: Resilient Performance in an Age of Uncertainty. 2nd edition. San Francisco: Jossey-Bass.

Williamson, O.E. (1985). The Economic Institutions of Capitalism: Firms, Markets, Relational Contracting. New York: Free Press.

WorkSafe Tasmania (2016). Absorbing Coronial Recommendations as Regulatory Inputs: A Procedural Framework. Hobart: WorkSafe Tasmania.

Wuellner, S.E., Adams, D.A. and Bonauto, D.K. (2016). Unreported workers’ compensation claims to BLS Survey of Occupational Injuries and Illnesses: establishment factors. American Journal of Industrial Medicine, 59(4), 274–289.

Yeung, K. (2010). The regulatory state, in R. Baldwin, M. Cave and M. Lodge (eds.), The Oxford Handbook of Regulation. Oxford: Oxford University Press, 64–83.

Yeung, K. and Lodge, M. (eds.) (2019). Algorithmic Regulation. Oxford: Oxford University Press.

Read our content on Workplace Accident Investigation